Checkmarx describes two North Korea-linked supply-chain tradecraft paths observed in 2023: malicious npm/PyPI-style package-manager poisoning and developer-focused Contagious Interview lures hosted through GitHub. In the npm case, crypto-themed packages used a preinstall hook to drop batch and PowerShell scripts, download a second-stage payload such as npm.mov, decrypt it into a DLL masquerading as a database, execute it with rundll32, and then delete or rename files to hide the install hook. The report also ties job-interview repositories to North Korean social engineering against developers, where victims were pushed to install malicious packages that steal sensitive data and cryptocurrency-wallet material and establish backdoor access. The key operational point is that DPRK actors are abusing developer trust in package managers, GitHub repositories, repository popularity signals, and hiring workflows to compromise software supply chains.