macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed
2025-02-03 • SentinelOne
SentinelLABS describes new macOS FlexibleFerret samples tied to the DPRK Contagious Interview campaign, where victims are lured through fake job or developer interactions into installing malware. The versus.pkg installer drops InstallerAlert.app and a malicious zoom binary into /var/tmp, runs a postinstall script, displays a fake damaged-file message, and establishes LaunchAgent persistence as com.zoom.plist. The campaign overlaps with earlier FERRET tooling through ChromeUpdate-style components, Dropbox exfiltration, api.ipify.org public-IP checks, and the zoom.callservice.us C2 domain, while some samples remained outside Apple XProtect coverage at publication time.
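The artifacts the summary names (a LaunchAgent called com.zoom.plist, InstallerAlert.app and a zoom binary staged in /var/tmp, lookups of zoom.callservice.us and api.ipify.org) are enough for a host and log triage pass. The script below is an added example written for this page; it is not code from SentinelLABS or from the report. It assumes the standard macOS LaunchAgents locations (~/Library/LaunchAgents and /Library/LaunchAgents), which the summary does not spell out, and takes every path as an argument so it can be pointed at a mounted image or a scratch directory. The DNS log lines it ships with are constructed.

```shell
#!/bin/sh
# Added triage helper for the FlexibleFerret indicators in the summary above.
# Not from SentinelLABS; directory paths are caller-supplied assumptions.

# scan_launchagents DIR...
#   Prints every com.zoom.plist found in the given LaunchAgents directories
#   together with the program it launches. Returns 0 on a hit, 1 otherwise.
scan_launchagents() {
    rc=1
    for dir in "$@"; do
        plist="$dir/com.zoom.plist"
        [ -f "$plist" ] || continue
        echo "LaunchAgent hit: $plist"
        # Program / ProgramArguments hold what runs at login; show a few
        # lines after the key so the analyst sees the target path.
        grep -A3 -E 'Program(Arguments)?' "$plist" 2>/dev/null | sed 's/^/    /'
        rc=0
    done
    return $rc
}

# scan_staging DIR
#   Checks the staging directory (the report names /var/tmp) for the dropped
#   InstallerAlert.app bundle and the malicious "zoom" binary.
scan_staging() {
    rc=1
    for name in InstallerAlert.app zoom; do
        if [ -e "$1/$name" ]; then
            echo "Dropped artifact: $1/$name"
            rc=0
        fi
    done
    return $rc
}

# scan_netlog FILE
#   Counts log lines mentioning the C2 domain and the public-IP check.
#   api.ipify.org is also used by legitimate software, so it is reported
#   separately and only the C2 domain decides the return code.
scan_netlog() {
    c2=$(grep -c -F 'zoom.callservice.us' "$1" || true)
    ipcheck=$(grep -c -F 'api.ipify.org' "$1" || true)
    echo "c2_hits=$c2 ipcheck_hits=$ipcheck"
    [ "$c2" -gt 0 ]
}

# sample_netlog_file
#   Writes constructed DNS log lines to a temp file and prints its path,
#   so the log scan can be exercised offline.
sample_netlog_file() {
    f=$(mktemp)
    printf '%s\n' \
        '2025-02-03T10:00:01 query A zoom.callservice.us' \
        '2025-02-03T10:00:02 query A example.com' \
        '2025-02-03T10:00:03 query A api.ipify.org' > "$f"
    echo "$f"
}
```

On a live Mac, run `scan_launchagents "$HOME/Library/LaunchAgents" /Library/LaunchAgents`, `scan_staging /var/tmp`, and `scan_netlog` against an exported DNS or proxy log; `launchctl list | grep -i com.zoom` additionally shows whether the agent is currently loaded. A hit on the plist alone is worth escalating, since the label is designed to blend in with legitimate Zoom components.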