Analysis of Variants in Lazarus's Contagious Interview Campaign

Published 2025-01-20 by ENKI. Original title: Analysis of Variants in the Lazarus Contagious Interview Campaign

https://www.enki.co.kr/media-center/blog/analysis-of-variants-in-lazarus-s-contagious-interview-campaign


ENKI tracks a Lazarus-attributed Contagious Interview variant that continues to target job seekers through fake recruitment activity with an apparent cryptocurrency-theft objective. The newer flow replaces coding-test package lures with a fake Willo-style video interview site that claims camera access is blocked and instructs victims to run curl commands for Windows or macOS. Windows victims receive VBS and JavaScript stages that download NVIDIA-themed archives, establish persistence, and compile a Go backdoor from source. macOS victims run shell scripts, install a LaunchAgent, execute a Go backdoor, and may see a fake Chrome prompt used to steal the user's password.

The backdoor contacts hardcoded C2 infrastructure over HTTP POST, encrypts messages with RC4, sends host and OS details, and executes commands selected by the decoded message type. The campaign shows Lazarus adapting its social-engineering prompts, cross-platform delivery, persistence, and C2 tradecraft within Contagious Interview activity.

Indicators of Compromise

Type    Value                               First Seen  Last Seen
DOMAIN  api.jz-aws.info                     2025-01-05  2025-08-28
HASH    bfac94bfb53b4c0ac346706b0629635…    2025-01-20  2025-08-25
DOMAIN  api.camera-drive.org                2025-01-20  2025-08-25
IPv4    216.74.123.191                      2025-01-05  2025-08-25
HASH    b2a4a981ba7cc2add74737957efdfcb…    2025-01-20  2025-02-13
DOMAIN  digitpotalent.com                   2025-01-20  2025-02-13
DOMAIN  digitptalent.com                    2025-01-20  2025-02-13
HASH    13e7589c778b4b36420ce77145a98b7…    2025-01-20  2025-01-20
HASH    b3da2af06b5828d6809614c4c86a5df…    2025-01-20  2025-01-20
HASH    cee03de4bd70cbd7b6bca498d3cf9c6…    2025-01-20  2025-01-20
HASH    c56a1897e97a5e52bf1d879eba55541…    2025-01-20  2025-01-20
HASH    35f27685fbd1b0507106862870bafa5…    2025-01-20  2025-01-20
HASH    a01ebbcc2aa25527ea4a0367c00c780…    2025-01-20  2025-01-20
HASH    bab567e14eedf6690fbee8ac4ac448a…    2025-01-20  2025-01-20
HASH    10e4c74df854f63951facfd589717be…    2025-01-20  2025-01-20
HASH    b951066189461d2acd27b635f3f858b…    2025-01-20  2025-01-20
HASH    98373befd5fd24ebac29604848e15b3…    2025-01-20  2025-01-20
URL     https://api.camera-drive.org/nv…    2025-01-20  2025-01-20
URL     https://api.camera-drive.org/nv…    2025-01-20  2025-01-20
URL     https://api.camera-drive.org/ff…    2025-01-20  2025-01-20
URL     https://api.camera-drive.org/VC…    2025-01-20  2025-01-20
URL     https://api.camera-drive.org/VC…    2025-01-20  2025-01-20
URL     https://api.jz-aws.info/public/…    2025-01-05  2025-01-20

Hash values and URLs are truncated on this page (marked with …). Take the full values from the ENKI report linked above before loading them into a blocklist or detection rule; a truncated hash cannot be used for exact matching.
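The following is an added example, not code from the ENKI report, showing how a responder would sweep proxy, DNS and EDR logs for the indicators in the table above. The domains and the IP are copied from the table. The hashes are copied as the page prints them, i.e. 31-character prefixes, so the script matches them as prefixes only and they must be replaced with full digests from the source report before production use. The log lines, the client addresses and the sha256 value in them (the page's prefix padded with zeros) are constructed for the demo and are not real indicators.

```python
"""Sweep log lines for the Contagious Interview indicators listed on this page.

Added example, not ENKI's code.  Domains/IP are from the IoC table; hashes are
the page's truncated prefixes and are matched as prefixes only.  The sample
log below is constructed for the demo.
"""
import re
from dataclasses import dataclass

# Network indicators exactly as listed on this page.
DOMAINS = {
    "api.jz-aws.info",
    "api.camera-drive.org",
    "digitpotalent.com",
    "digitptalent.com",
}
IPS = {"216.74.123.191"}

# File hashes as printed on this page: 31-hex-char prefixes, not full digests.
# Replace with full values from the source report before relying on them.
HASH_PREFIXES = {
    "bfac94bfb53b4c0ac346706b0629635", "b2a4a981ba7cc2add74737957efdfcb",
    "13e7589c778b4b36420ce77145a98b7", "b3da2af06b5828d6809614c4c86a5df",
    "cee03de4bd70cbd7b6bca498d3cf9c6", "c56a1897e97a5e52bf1d879eba55541",
    "35f27685fbd1b0507106862870bafa5", "a01ebbcc2aa25527ea4a0367c00c780",
    "bab567e14eedf6690fbee8ac4ac448a", "10e4c74df854f63951facfd589717be",
    "b951066189461d2acd27b635f3f858b", "98373befd5fd24ebac29604848e15b3",
}

# Hostname: dotted labels ending in an alphabetic TLD, so dotted-quad IPs do
# not match here.  Hash: 31..64 hex chars (MD5 is 32, SHA-256 is 64; 31 lets
# a log that carries only the page's prefix still match).
HOST_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HEX_RE = re.compile(r"\b[0-9a-f]{31,64}\b", re.I)


@dataclass
class Hit:
    line_no: int
    kind: str   # "domain", "ipv4" or "hash"
    value: str  # the token from the log that matched


def scan_line(line_no: int, line: str) -> list[Hit]:
    hits = []
    for m in HOST_RE.finditer(line):
        host = m.group(1).lower()
        # Exact match or a subdomain of a listed domain, never a plain substring
        # match, so a host like notapi.jz-aws.info.example.net stays clean.
        if host in DOMAINS or any(host.endswith("." + d) for d in DOMAINS):
            hits.append(Hit(line_no, "domain", host))
    for m in IPV4_RE.finditer(line):
        if m.group(0) in IPS:
            hits.append(Hit(line_no, "ipv4", m.group(0)))
    for m in HEX_RE.finditer(line):
        digest = m.group(0).lower()
        # Prefix match only, because the page prints truncated hashes.
        if any(digest.startswith(p) for p in HASH_PREFIXES):
            hits.append(Hit(line_no, "hash", digest))
    return hits


def scan_lines(text: str) -> list[Hit]:
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        hits.extend(scan_line(line_no, line))
    return hits


# Constructed sample log (hosts, clients and paths invented for the demo).
# The sha256 is the page's truncated prefix padded with zeros; NOT a real hash.
SAMPLE_LOG = "\n".join([
    "2025-01-21T09:14:02Z dns query host=api.camera-drive.org type=A client=10.0.0.7",
    "2025-01-21T09:14:03Z proxy GET https://api.camera-drive.org/ client=10.0.0.7 status=200",
    "2025-01-21T09:14:05Z edr process=curl.exe dst=216.74.123.191:443 user=jobseeker",
    "2025-01-21T09:14:09Z edr file_created path=C:\\Users\\jobseeker\\AppData\\Local\\Temp\\pkg.zip"
    " sha256=" + "bfac94bfb53b4c0ac346706b0629635" + "0" * 33,
    "2025-01-21T09:15:00Z dns query host=notapi.jz-aws.info.example.net type=A client=10.0.0.9",
    "2025-01-21T09:15:01Z proxy GET https://www.example.com/careers client=10.0.0.9 status=200",
])

if __name__ == "__main__":
    for h in scan_lines(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.kind} {h.value}")
```

Run as-is it reports four hits (two for api.camera-drive.org, one for the IP, one for the padded hash) and nothing for the look-alike host on line 5, which is the point of matching domains exactly or as subdomains rather than as substrings.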
