New to The Fake Interview? Start with the trailer.

In under 90 seconds: fake coding interviews, malicious developer repos, Lazarus-attributed infrastructure, credential theft, and the investigation behind Episode 1 and Episode 2.

Trailer: https://open.spotify.com/episode/1k95vAnI5tOfrp7zK2bys0?si=3CPB1YN6TQyU6niMNPKavg

Latest episode: https://open.spotify.com/episode/1f0HVuCeLaNxdA72xrDLDS?si=NU-TCDDmQUalbaq1zgUdlw

#fakeinterview #contagiousinterview #dprk #lazarus #threatintel #redasgard #cybersecurity #podcast

Important findings for security professionals: "Hunting Lazarus Part VI: The Factory That Ate Its Workers"

Originally published on Red Asgard: https://redasgard.com/blog/hunting-lazarus-part6-factory-that-ate-its-workers

#lazarus #huntinglazarus #helpme #dprk #contagiousinterview #northkorea #atribution #redasgard #cybersecurity #threatintel #threathunt

Five operator workstations appeared in the campaign's own victim database. The same exfiltration pipeline that harvested developer credentials, wallet material, and source-repository tokens had ingested the staff who ran it — the supervisor, a persona operator, a test workstation, a provisioning workstation, and an operator infection that persisted sixty-eight days.

Red Asgard

Contagious Interview becomes a worm: Void Dokkaebi turns 750 repositories into self-propagating vectors against developers

The North Korean APT group Void Dokkaebi (Famous Chollima) has turned its fake job offers into a supply chain attack capable of propagating automatically: simply opening a cloned repository in VS Code is enough to trigger payloads hidden in manipulated commits. In March 2026, Trend Micro mapped more than 750 infected repositories, 500 malicious task.json files and C2 staging on Tron, Aptos and Binance Smart Chain.

https://insicurezzadigitale.com/contagious-interview-diventa-un-worm-void-dokkaebi-trasforma-750-repository-in-vettori-auto-propaganti-contro-gli-sviluppatori/

Tracking an OtterCookie Infostealer Campaign Across npm - Panther | The Security Monitoring Platform for the Cloud

North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
#ContagiousInterview #npm #PyPI #Packagist
https://socket.dev/blog/contagious-interview-campaign-spreads-across-5-ecosystems
Malicious packages published to npm, PyPI, Go Modules, crates.io, and Packagist impersonate developer tooling to fetch staged malware, steal credentia...

Socket

North Korean Hackers Expand Malicious Package Reach Across Multiple Coding Ecosystems

Beware of the Trojan horse in your code: North Korean hackers have quietly infiltrated multiple package ecosystems, publishing around 1,700 malicious packages that masquerade as legitimate developer tools but act as malware loaders. This sneaky campaign, linked to the Contagious Interview group, puts…

https://osintsights.com/north-korean-hackers-expand-malicious-package-reach-across-multiple-coding-ecosy?utm_source=mastodon&utm_medium=social

#NorthKoreanHackers #ContagiousInterview #MalwareOperations #PackageEcosystem #Npm

North Korean hackers expand malicious package reach across coding ecosystems, infecting thousands. Learn how to protect your projects now and stay safe from Contagious Interview's malware loaders.

OSINTSights

First instance of PylangGhost RAT observed on npm
#PylangGhostRAT #ContagiousInterview #npm
https://kmsec.uk/blog/pylangghost-npm/
A DPRK/FAMOUS CHOLLIMA-attributed malware historically not observed on npm

GitLab Threat Intelligence Team reveals North Korean tradecraft

Gain threat intelligence about North Korea’s Contagious Interview and fake IT worker campaigns and learn how GitLab disrupted their operations.

about.gitlab.com

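Be careful when opening a folder in VSCode: the AI agent ends up on the hacker's side

Through VSCode's tasks.json vulnerability, even AI coding assistants can be manipulated. This post introduces the attack technique that North Korean hacking groups are actually exploiting and how to defend against it.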

https://aisparkup.com/posts/8603