PurpleBravo’s Targeting of the IT Software Supply Chain
ID: e067ff2c-8d52-5397-9b3a-48aff83f2930
STIX ID: report--e067ff2c-8d52-5397-9b3a-48aff83f2930
Feed Name: Recorded Future Blog
Insikt Group / Recorded Future detail the PurpleBravo (Contagious Interview) campaign — a North Korean state‑linked operation that impersonates recruiters to target developers (notably in cryptocurrency and South Asia) and deliver malicious GitHub-hosted JavaScript and RATs. The report analyzes multiple malware families (BeaverTail infostealer; PylangGhost/GolangGhost RATs with advanced Chrome credential decryption; InvisibleFerret multi‑platform RAT), enumerates C2 infrastructure and thousands of likely targets, documents overlap with PurpleDelta actors, and provides IoCs and mitigations to reduce supply‑chain and credential‑theft risk.
