About the New OtterCookie Malware Used by Contagious Interview

2024-12-26 NTTSecurity About the New OtterCookie Malware Used by Contagious Interview

https://jp.security.ntt/tech_blog/contagious-interview-ottercookie

NTT Security Japan analyzes OtterCookie, a malware family observed in the Contagious Interview campaign, which is described as a North Korea-linked, financially motivated operation. The activity often begins with Node.js projects or npm packages downloaded from GitHub or Bitbucket, with some recent cases using Qt or Electron applications as the initial lure. OtterCookie was observed from November 2024 and may have been active since September 2024, with versions differing in implementation but sharing core capabilities. The malware supports remote shell commands, environment discovery, and collection of documents, images, cryptocurrency-related files, and wallet keys for exfiltration.

Indicators of Compromise

Type Value First Seen Last Seen
DOMAIN payloadrpc.com 2024-12-26 2025-02-03
IPv4 45.159.248.55 2024-12-26 2025-02-03
HASH 32257fb11cc33e794fdfd0f952158a8… 2024-12-26 2024-12-27
HASH 7846a0a0aa90871f0503c430cc03488… 2024-12-26 2024-12-27
HASH d19ac8533ab14d97f4150973ffa810e… 2024-12-26 2024-12-27
HASH 4e0034e2bd5a30db795b73991ab659b… 2024-12-26 2024-12-27
