InvisibleFerret Malware: Technical Analysis
2025-01-21 • Any Run •
https://any.run/cybersecurity-blog/invisibleferret-malware-analysis/
ANY.RUN analyzes InvisibleFerret, a Python malware used in the North Korean fake job-interview campaigns tracked as Contagious Interview and DEV#POPPER. The campaign targets developers in the technology, finance, and cryptocurrency sectors by posing as a recruiter's hiring workflow and delivering malware disguised as coding challenges, project dependencies, or fake video-call software. BeaverTail, a JavaScript stealer and loader, runs first; it downloads a portable Python environment and deploys InvisibleFerret as a later stage. InvisibleFerret profiles the host, contacts its C2 on non-standard ports, exfiltrates over FTP and SSH-style upload routines, targets documents, downloads, browser data, and other files, executes attacker-supplied commands, and may install AnyDesk for persistent remote access.
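The behaviours summarised above map onto a handful of host and network signals. The following detection sketch is an added example, not ANY.RUN's or the malware's code: it scores simplified, Sysmon-style events against the page's IP and domain indicators and against heuristics for the described tradecraft (a Python interpreter running from a user-writable directory, Python talking to non-standard ports, FTP/SSH connections from Python, and AnyDesk appearing on the host). The event schema, the "expected port" list, the user-directory heuristic, and every sample event are assumptions constructed for the example; the truncated hashes in the IoC table cannot be matched and are left out.

```python
"""Behavioural triage for InvisibleFerret-style activity (added example)."""
import re
from collections import defaultdict

# Indicators taken from the page's IoC table (truncated hashes omitted).
IOC_IPS = {"147.124.214.129", "173.211.106.101"}
IOC_DOMAINS = {"ip-api.com"}          # public IP geolocation API, used for host profiling

# Assumption: outbound ports a developer workstation is expected to use.
EXPECTED_PORTS = {53, 80, 443, 8080, 8443}
# FTP and SSH, the upload channels the page describes.
UPLOAD_PORTS = {21, 22}

PYTHON_RE = re.compile(r"(^|[\\/])python(3(\.\d+)?)?(\.exe)?$", re.IGNORECASE)
# Assumption: a "portable" interpreter dropped by a loader lives under a user-writable path.
USER_DIR_RE = re.compile(r"(\\Users\\|AppData|/home/|/tmp/|/Users/)", re.IGNORECASE)
ANYDESK_RE = re.compile(r"anydesk", re.IGNORECASE)


def is_python(image: str) -> bool:
    """True if the process image is a Python interpreter (any path)."""
    return bool(PYTHON_RE.search(image))


def analyse(events):
    """Return {host: sorted detection names} for hosts with at least one hit."""
    findings = defaultdict(set)
    for ev in events:
        host, image = ev["host"], ev.get("image", "")
        if ev["type"] == "process":
            if is_python(image) and USER_DIR_RE.search(image):
                findings[host].add("portable_python_interpreter")
            if ANYDESK_RE.search(image) or ANYDESK_RE.search(ev.get("cmdline", "")):
                findings[host].add("anydesk_installed")
        elif ev["type"] == "network":
            if ev.get("dst_ip") in IOC_IPS or ev.get("dst_host") in IOC_DOMAINS:
                findings[host].add("ioc_match")
            if is_python(image):
                port = ev["dst_port"]
                if port in UPLOAD_PORTS:
                    findings[host].add("ftp_ssh_upload_from_python")
                elif port not in EXPECTED_PORTS:
                    findings[host].add("unusual_port_from_python")
        elif ev["type"] == "dns":
            if ev.get("query") in IOC_DOMAINS:
                findings[host].add("ioc_match")
                findings[host].add("geoip_lookup")
    return {h: sorted(s) for h, s in findings.items()}


def suspicious_hosts(events, min_hits: int = 3):
    """Hosts whose distinct detections reach min_hits; one hit alone is noisy."""
    return sorted(h for h, hits in analyse(events).items() if len(hits) >= min_hits)


# Constructed sample telemetry (not real logs). dev01 mimics the described chain;
# dev02 is a benign developer box. Port 12345 and the 203.0.113.0/24 address are placeholders.
PY_DROP = r"C:\Users\dev\AppData\Local\Temp\pyenv\python.exe"
PY_SYS = r"C:\Program Files\Python312\python.exe"
SAMPLE_EVENTS = [
    {"type": "process", "host": "dev01", "image": PY_DROP, "cmdline": "python.exe main.py"},
    {"type": "dns", "host": "dev01", "image": PY_DROP, "query": "ip-api.com"},
    {"type": "network", "host": "dev01", "image": PY_DROP, "dst_ip": "147.124.214.129", "dst_port": 12345},
    {"type": "network", "host": "dev01", "image": PY_DROP, "dst_ip": "173.211.106.101", "dst_port": 21},
    {"type": "process", "host": "dev01", "image": r"C:\Program Files\AnyDesk\AnyDesk.exe", "cmdline": "AnyDesk.exe --install"},
    {"type": "process", "host": "dev02", "image": PY_SYS, "cmdline": "python.exe -m pip install requests"},
    {"type": "network", "host": "dev02", "image": PY_SYS, "dst_ip": "203.0.113.10", "dst_port": 443},
    {"type": "network", "host": "dev02", "image": r"C:\Windows\System32\OpenSSH\ssh.exe", "dst_ip": "203.0.113.20", "dst_port": 22},
]

if __name__ == "__main__":
    for host, hits in analyse(SAMPLE_EVENTS).items():
        print(host, hits)
    print("escalate:", suspicious_hosts(SAMPLE_EVENTS))
```

The indicator match alone is the weakest signal here (the IPs rotate and ip-api.com is used by plenty of legitimate software); the value is in the combination, which is why `suspicious_hosts` only escalates when several independent behaviours co-occur on one host.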
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| IPv4 | 147.124.214.129 | 2024-05-10 | 2026-02-03 |
| DOMAIN | ip-api.com | 2022-11-14 | 2026-01-21 |
| HASH | 6a104f07ab6c5711b6bc8bf6ff956ab… | 2024-10-23 | 2025-07-26 |
| IPv4 | 173.211.106.101 | 2024-04-25 | 2025-07-26 |
| HASH | 47830f7007b4317dc8ce1b16f3ae79f… | 2025-01-21 | 2025-01-21 |