Contagious Interview: Malware delivered through fake developer job interviews

ID: acc25adb-ff21-5675-8008-a987e8d45eb8

STIX ID: report--acc25adb-ff21-5675-8008-a987e8d45eb8

Feed Name: Microsoft Security

Threat Score: 75/100

Date Published: 2026-03-11

Date Updated: 2026-04-28

Author: Microsoft Defender Experts and Microsoft Defender Security Research Team

Microsoft Defender Experts exposes the “Contagious Interview” campaign, where attackers pose as recruiters and embed malicious code in fake interview repositories and tasks to trick developers into executing npm packages or repository tasks. The campaign deploys modular backdoors (notably OtterCookie and a beaconing JavaScript agent), follow-on Python and Go backdoors (Invisible Ferret, FlexibleFerret), and commodity stealers to enumerate and exfiltrate secrets (API tokens, wallets, password vaults, keys). The report includes observed behaviors, code-execution and exfiltration patterns, detection/hunting queries, and mitigation recommendations to protect developer workflows.
