Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview
ID: c4619ea0-5a29-5a75-80df-f116c7047053
STIX ID: report--c4619ea0-5a29-5a75-80df-f116c7047053
Feed Name: Datadog Security Labs
Datadog Security Research identified three namesquatting npm packages (passports-js, bcrypts-js, blockscan-api) that delivered BeaverTail JavaScript infostealer variants tied to a DPRK-aligned threat actor called "Tenacious Pungsan" and to the Contagious Interview campaign. The malware collects cryptocurrency wallet and browser/keychain credentials and fetches a second-stage InvisibleFerret backdoor from C2 infrastructure (95.164.17.24). The packages were downloaded a combined 323 times; they have since been removed and published to Datadog's malicious package dataset, and GitHub Security Advisories were released for the affected packages.
