Contagious Interview
2025-10-19 • MITRE
Contagious Interview is described as a North Korea-aligned threat group active since 2023 that conducts cyberespionage and financially motivated operations, including cryptocurrency and credential theft. The group targets Windows, Linux, and macOS users, especially software developers and people working in cryptocurrency or blockchain roles, through fake hiring activity, social media outreach, job boards, and malicious code repositories. Its tooling and tradecraft include BeaverTail, InvisibleFerret, malicious NPM packages, fake personas, AnyDesk, Vercel and other web services for delivery or C2, Telegram and Dropbox for exfiltration, and persistence through startup folders, XDG autostart entries, and LaunchAgents. The MITRE entry maps the group to extensive ATT&CK behavior, including spearphishing via service, masquerading, credential theft from macOS Keychain, C2 exfiltration, financial theft, and attempts to bypass container isolation by convincing victims to run code natively.