CONTAGIOUS INTERVIEW CAMPAIGN ACTIVITY

2026-02-04 Palo Alto Networks

https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-02-04-IOCs-for-December-2025-Contagious-Interview-activity.txt


Unit 42 reports that North Korean actors continued Contagious Interview activity into December 2025, using fake recruiter personas against people seeking crypto and technology jobs. The campaign lures targets to attacker-created GitHub repositories during recruitment interactions, using the repositories to host malware. The reported objective is deployment of the InvisibleFerret Python backdoor, which supports remote code execution, keylogging, and cryptocurrency wallet theft. The excerpt lists associated file hashes, IP addresses 67.203.7[.]205 and 45.43.11[.]199, and a GitHub repository that was active in mid-December 2025 before being taken offline. The activity matters because it shows ongoing DPRK use of social engineering and developer-platform abuse to reach job seekers in high-value crypto and tech environments.

Indicators of Compromise

