Contagious Interview Campaign Abusing VSCode, Distributed via GitHub

2026-02-26 ENKI Contagious Interview Campaign Abusing VSCode Distributed via GitHub

https://www.enki.co.kr/media-center/blog/contagious-interview-campaign-abusing-vscode-distributed-on-github


ENKI found a Contagious Interview campaign using GitHub repositories and VSCode task automation to infect developers with Beavertail, InvisibleFerret, and OtterCookie-related tooling. The operators posed as recruiters, developers, and fictitious or lookalike companies, including Web3-themed personas, then embedded malicious VSCode task files that executed downloaders when victims opened the project folder. The infection chain used OS-specific scripts, Node.js and Python payload staging, obfuscated JavaScript loaders, and C2 infrastructure that delivered Beavertail, collected browser and wallet-related data, and enabled further remote-access and file-exfiltration functions. The report also notes signs that some downloader code may have been generated with LLM assistance and provides infrastructure and GitHub-account details useful for detecting developer-targeted DPRK activity.

Indicators of Compromise

