Threat Intelligence, Supply chain

Contagious Interview campaign expands further

North Korea flag is depicted on the screen with the program code. The concept of modern technology and site development

Over a dozen new malicious packages have been published across the npm, PyPI, Go Modules, crates.io, and Packagist ecosystems to facilitate malware compromise as part of the growing North Korean Contagious Interview campaign, which has been driven by over 1,700 illicit packages since its emergence in January 2025, according to The Hacker News.

Installation of the malware-loading packages facilitates the retrieval of an information-stealing and remote access trojan payload that targets browser, password manager, and cryptocurrency wallet data, a report from Socket security researchers showed. Additional findings showed a Windows malware variant that enabled shell command execution, keystroke logging, AnyDesk installation, and further module downloads.

"That makes this cluster notable not just for its cross-ecosystem reach, but for the depth of post-compromise functionality embedded in at least part of the campaign," said Socket researcher Kirill Boychenko. Such a report comes as North Korean threat group UNC1069, which was most recently linked to the axios supply chain hack, was noted by Security Alliance researchers to have been launching multi-week social engineering operations in Telegram, Slack, and LinkedIn to enable the distribution of cross-platform payloads.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds