AhnLab analyzes a recruitment-themed phishing case distributing BeaverTail and Tropidoor-related malware through project files shared as a Bitbucket link. The archive describes a JavaScript BeaverTail component, downloader DLLs such as car.dll, and behavior consistent with credential and cryptocurrency wallet theft, additional payload download, and execution patterns previously associated with North Korean operators. The report also notes overlap with Lazarus LightlessCan-style command implementation and includes C2 and hash indicators for hunting related developer-targeted intrusions.