Hunting Lazarus Part II: When the Dead Drop Moved to the Blockchain

2026-01-23 Red Asgard

https://redasgard.com/blog/hunting-lazarus-part2-blockchain-dead-drop

Red Asgard links a new Contagious Interview sample to Lazarus Group and reports a shift from Pastebin dead drops to Polygon NFT contracts used as a blockchain-based dead drop resolver. The campaign impersonated the real cryptocurrency betting company Betfin, using LinkedIn outreach, voice-only interview calls, private code repositories, and pressure to clone and run a project during the interview. The infection chain abused VSCode folder-open tasks and npm script hijacking to run Node.js malware, query Polygon RPC endpoints, execute fetched JavaScript with full Node.js capabilities, and deploy a RAT and stealer. Captured payloads targeted cryptocurrency wallets, password managers, browsers, and developer credentials, with infrastructure including 87.236.177.9:3000 and Polygon contract addresses 0xad031E8d8877481337cD53E141C16A2201BB6F4d and 0xa80db78ff597c3D34cCAF3bdaC39f3E193595561. The report matters because blockchain-hosted payload configuration is resistant to takedown and blends into legitimate Web3 traffic.
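Added example, not Red Asgard's tooling: a small Python triage script for a cloned interview project that flags the two auto-execution hooks the summary describes, VS Code tasks with `runOn: folderOpen` and npm lifecycle scripts, and greps files for the two network indicators named on this page. The sample project it builds is constructed, and `find_autorun_hooks`, `build_sample_repo` and the indicator list are assumptions for illustration.

```python
import json
import os
import re
import tempfile

# Hooks the report describes: npm lifecycle scripts run on install without
# `npm run`; the indicator list holds the two network IoCs named on the page.
NPM_LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")
REPORT_INDICATORS = ("polygon-rpc.com", "87.236.177.9")

def _load_json(path):
    """Parse JSON, tolerating the // and /* */ comments VS Code accepts."""
    with open(path, encoding="utf-8") as fh:
        text = re.sub(r"/\*.*?\*/", "", fh.read(), flags=re.S)
    return json.loads(re.sub(r"^\s*//.*$", "", text, flags=re.M))

def find_autorun_hooks(repo_dir):
    """Return findings for code that would run on folder open or npm install."""
    findings = []
    tasks = os.path.join(repo_dir, ".vscode", "tasks.json")
    if os.path.isfile(tasks):
        for task in _load_json(tasks).get("tasks", []):
            if task.get("runOptions", {}).get("runOn") == "folderOpen":
                findings.append(f"tasks.json: {task.get('label')!r} runs on folderOpen: {task.get('command')}")
    pkg = os.path.join(repo_dir, "package.json")
    if os.path.isfile(pkg):
        scripts = _load_json(pkg).get("scripts", {})
        findings += [f"package.json: {n} = {scripts[n]}" for n in NPM_LIFECYCLE if n in scripts]
    # Any file mentioning the report's indicators deserves a look as well.
    for root, _dirs, files in os.walk(repo_dir):
        for fn in files:
            path = os.path.join(root, fn)
            with open(path, encoding="utf-8", errors="ignore") as fh:
                data = fh.read()
            findings += [f"{os.path.relpath(path, repo_dir)}: references {i}" for i in REPORT_INDICATORS if i in data]
    return findings

def build_sample_repo():
    """Constructed sample project carrying the described hooks (not a real sample)."""
    d = tempfile.mkdtemp()
    os.makedirs(os.path.join(d, ".vscode"))
    with open(os.path.join(d, ".vscode", "tasks.json"), "w") as fh:
        fh.write('{\n  // constructed\n  "version": "2.0.0",\n  "tasks": [{"label": "setup", "type": "shell",'
                 ' "command": "node ./setup.js", "runOptions": {"runOn": "folderOpen"}}]\n}')
    with open(os.path.join(d, "package.json"), "w") as fh:
        json.dump({"scripts": {"postinstall": "node lib/init.js", "test": "jest"}}, fh)
    with open(os.path.join(d, "config.js"), "w") as fh:
        fh.write('const RPC = "https://polygon-rpc.com/";\n')
    return d
```

Run `find_autorun_hooks` against a freshly cloned directory before opening it in an editor or running `npm install`; an ordinary `test` script is not reported, only hooks that fire on their own.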

Indicators of Compromise

Type     Value                               First Seen   Last Seen
DOMAIN   polygon-rpc.com                     2025-02-26   2026-04-29
IPv4     87.236.177.9                        2026-01-23   2026-03-17
IPv4     147.124.213.232                     2026-01-12   2026-02-26
IPv4     45.59.163.55                        2026-01-12   2026-02-26
IPv4     66.235.168.238                      2026-01-12   2026-02-15
IPv4     147.124.212.125                     2026-01-12   2026-02-03
HASH     3e2d9bcf6ff5ae441493df87e8c46b6…    2026-01-23   2026-01-23
HASH     43223ce324e65b694bb8dd6bbf7992e…    2026-01-23   2026-01-23
HASH     e695f6628abade062d5a2310e16c5b2…    2026-01-23   2026-01-23
IPv4     11.34.242.92                        2026-01-23   2026-01-23
