From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
2024-11-04 • Zscaler
North Korean operators behind Contagious Interview and WageMole continued using fake developer hiring activity to steal data and support remote job fraud in Western countries. Zscaler observed updated BeaverTail JavaScript and InvisibleFerret Python payloads with stronger obfuscation, dynamic code loading, Windows and macOS delivery formats, and OS-specific persistence. The campaign targets web, cryptocurrency, and AI developers through attacker-controlled GitHub repositories, social media contact, and fake job tasks. ThreatLabz reported more than 100 infected devices and theft of source code, cryptocurrency wallet data, browser data, personal information, keylogs, and clipboard content.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | degencryptojobs.com | 2024-11-04 | 2024-11-04 |