Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery

NVISO describes the Contagious Interview campaign attributed to DPRK-aligned actors who social-engineer developers with fake recruiter interviews and trojanized demo projects; they abuse legitimate JSON storage services and code repositories to host obfuscated JavaScript/Python that delivers BeaverTail infostealer, InvisibleFerret RAT, and Tsunami components for data and crypto-wallet exfiltration, persistence, and further payload retrieval, and the report includes detailed TTPs and extensive IOCs.