Nov 21, 2023 · We call the first campaign “Contagious Interview,” where threat actors pose as employers (often anonymously or with vague identities) to lure software developers into installing malware through the interview process.

Oct 9, 2024 · In this article, we present recent activity from the CL-STA-0240 Contagious Interview campaign. In this campaign, the attackers targeted job-seeking individuals on LinkedIn, luring them to download and execute malware that masquerades as …

Sep 4, 2024 · North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview.

Feb 20, 2025 · The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with clusters tracked under the names Contagious Interview (aka CL-STA-0240), DEV#POPPER, Famous Chollima, PurpleBravo, and Tenacious Pungsan. The campaign has been ongoing since at least late 2023.

Feb 4, 2025 · Contagious Interview, first uncovered in late 2023, is a persistent effort undertaken by the hacking crew to deliver malware to prospective targets through bogus npm packages and native apps masquerading as videoconferencing software. It's also tracked as DeceptiveDevelopment and DEV#POPPER.

Mar 1, 2025 · The malware uses fake job interview processes to trick users into installing malicious software, and new variants, including FlexibleFerret, remain undetected by XProtect.

Jan 16, 2025 · Lazarus APT, a North Korean group, is using the ClickFix social engineering technique to trick job seekers into copying and pasting malicious code onto their devices during fake video job interviews ("Contagious Interview"). This blog post shows how to expand and pivot from threat intelligence using Validin to detect likely-related ...

Mar 10, 2025 · A new cyberattack campaign, referred to as “Contagious Interview,” has been identified, where North Korean hackers use a fake video conferencing app to target developers.

Jan 22, 2025 · Dubbed “Contagious Interview” or “DevPopper,” this campaign manipulates unsuspecting software developers by embedding malicious payloads into coding challenges, video call software, or dependencies.

Mar 6, 2025 · The Contagious Interview campaign, also tracked as DEV#POPPER, is orchestrated by a North Korean threat actor known as Famous Chollima, according to CrowdStrike. The attack chain begins with a fictitious job interview, luring unsuspecting job seekers into downloading and running a Node.js project …