Contagious Interview: Malware delivered through fake developer job interviews

2026-03-11 Microsoft

https://www.microsoft.com/en-us/security/blog/2026/03/11/contagious-interview-malware-delivered-through-fake-developer-job-interviews/

Microsoft observed Contagious Interview using fake developer recruitment workflows to compromise software developers at enterprise solution providers and media and communications firms. The campaign persuaded victims to clone or execute malicious npm packages from code-hosting platforms, and recent intrusions abused Visual Studio Code trust prompts and task configuration files to fetch and launch backdoors. OtterCookie and a lightweight JavaScript beacon collected host fingerprints, maintained command-and-control access, executed attacker-supplied code, and supported follow-on payloads such as Invisible Ferret and FlexibleFerret. Post-compromise activity focused on credential, key, wallet, file, screenshot, keylogging, clipboard, and source-code theft, with data exfiltrated to attacker-controlled infrastructure through web-like traffic. The activity matters because it turns trusted hiring and coding-assessment workflows into an initial access channel against developer endpoints that may expose source code, CI/CD credentials, and production infrastructure.
