Famous Chollima Evolves Its Arsenal, Merging BeaverTail and OtterCookie

2025-10-24 Poly Swarm

https://blog.polyswarm.io/famous-chollima-evolves-its-arsenal-merging-beavertail-and-ottercookie


Famous Chollima is described as merging BeaverTail and OtterCookie capabilities in Contagious Interview operations that lure job seekers into installing trojanized software. In the Sri Lanka incident, a user cloned a Bitbucket repository for a Web3 chess platform, and its dependencies pulled the malicious node-nvm-ssh NPM package, whose post-install scripts executed obfuscated JavaScript. BeaverTail enumerated browser profiles and cryptocurrency wallet extensions such as MetaMask, Phantom, and Solflare, while also downloading Python-based InvisibleFerret modules from C2 servers. OtterCookie added modular remote shell, file-upload, crypto-extension theft, clipboard monitoring, keylogging, and screenshot functions, with later versions adding anti-analysis checks and more dynamic code loading. The overlap shows DPRK-linked fake-recruitment tradecraft evolving from social engineering into supply-chain delivery and more complete credential and cryptocurrency theft tooling.

Indicators of Compromise

Type   Value                              First Seen   Last Seen
HASH   caad2f3d85e467629aa535e0081865d…   2025-10-16   2025-10-24
HASH   83c145aedfdf61feb02292a6eb5091e…   2025-10-16   2025-10-24
