Final Chapter: Interview with the Chollima VII

2025-12-16 Bitso

https://quetzal.bitso.com/p/final-chapter-interview-with-the


Bitso describes a final installment in its Chollima interview series, centered on a suspected North Korean applicant who posed as “Lucas Gabriel,” claimed to be a Senior Full Stack Engineer from Córdoba, refused to use a camera, could not speak Spanish, and abandoned the interview when pressed. The article links the encounter to an earlier DPRK spear-phishing attempt in which a fake crypto-company recruiter sent code containing OtterCookie that could deploy InvisibleFerret. While reversing that malware, the author found domains exposing services including RDP and describes a third-party intrusion using hardcoded credentials found in DPRK malware samples. The accessed filesystem allegedly contained tools including OtterCookie and drainer programs, plus notes on persona creation, VPN and residential proxy use, claimed U.S. locations, and AI-generated LinkedIn engagement for job-seeking cover.
