New DPRK Contagious Interview Campaign: “Fake Font” Uses Malicious VSCode Fonts

2026-01-28 OSM

https://opensourcemalware.com/blog/contagious-code-fake-font


OpenSourceMalware identified a Lazarus Group variation of the Contagious Interview campaign that targets software engineers through fake recruiter outreach and GitHub coding assessments. The attack abuses VS Code task automation: a task configured with runOn: folderOpen executes a JavaScript file disguised as a Font Awesome .woff2 font as soon as the victim opens the project. The obfuscated BeaverTail-style loader uses Base91-encoded strings, creates a hidden scoped directory under ~/.npm, installs Node dependencies, and contacts the fake Alchemy-themed domain eth-mainnet-alchemy.com. Code returned from the C2 is executed through new Function(), and the chain is reported to deliver the InvisibleFerret Python backdoor for cryptocurrency wallet theft, browser credential theft, and persistent access.
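The folderOpen trigger described above lives in the repository's .vscode/tasks.json, so it can be audited before a cloned assessment is ever opened in VS Code. The script below is an added defender-side example, not code from the report or from the campaign; the tasks.json it parses is a constructed sample, and the interpreter and font-extension lists are the author's own heuristics.

```python
# Added defender-side example (not the report's or the campaign's code): audit a
# repo's .vscode/tasks.json for tasks that auto-run on folderOpen, as the
# "Fake Font" chain does. The tasks.json below is a constructed sample.
import json
import re

FONT_EXT = re.compile(r"\.(woff2?|ttf|otf|eot)\b", re.IGNORECASE)
INTERPRETERS = {"node", "nodejs", "python", "python3", "sh", "bash", "cmd", "powershell", "pwsh"}

def load_tasks_json(text):
    """Parse tasks.json; VS Code allows // and /* */ comments, so strip them first.
    The lookbehind keeps '://' inside URLs intact."""
    return json.loads(re.sub(r"(?<!:)//[^\n]*|/\*.*?\*/", "", text, flags=re.DOTALL))

def command_line(task):
    """Join command and args into one string (each may be a plain string or {value: ...})."""
    parts = [task.get("command", "")] + list(task.get("args", []))
    return " ".join(p.get("value", "") if isinstance(p, dict) else str(p) for p in parts)

def audit_tasks(text):
    """Return one finding per task with runOptions.runOn == 'folderOpen'."""
    findings = []
    for task in load_tasks_json(text).get("tasks", []):
        if task.get("runOptions", {}).get("runOn") != "folderOpen":
            continue
        line = command_line(task)
        tokens = line.split()
        program = tokens[0].rsplit("/", 1)[-1].lower() if tokens else ""
        reasons = ["runs automatically on folderOpen"]
        if FONT_EXT.search(line):
            reasons.append("references a font file, which a task has no reason to execute")
        if program in INTERPRETERS:
            reasons.append(f"hands the file to interpreter '{program}'")
        if task.get("presentation", {}).get("reveal") == "silent":
            reasons.append("hides terminal output (reveal: silent)")
        findings.append({"label": task.get("label", "<unnamed>"), "command": line,
                         "severity": "high" if len(reasons) >= 3 else "medium",
                         "reasons": reasons})
    return findings

SAMPLE_TASKS_JSON = """{
  // constructed sample: one auto-run task pointing node at a "font", one normal build
  "version": "2.0.0",
  "tasks": [
    {"label": "Load fonts", "type": "shell", "command": "node",
     "args": ["public/fonts/fa-solid-900.woff2"],
     "runOptions": {"runOn": "folderOpen"}, "presentation": {"reveal": "silent"}},
    {"label": "build", "type": "shell", "command": "npm run build"}
  ]
}"""
```

Run audit_tasks() over the contents of .vscode/tasks.json in any repository received as a take-home assessment; any folderOpen task deserves a look, and one that points an interpreter at a font file is the pattern this report describes. VS Code's task.allowAutomaticTasks setting controls whether folderOpen tasks may run at all in a trusted workspace.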

Indicators of Compromise

Type     Value                              First Seen   Last Seen
HASH     f71d1d9b2de7d4ebf5f706a4b9cd4eb4   2026-01-28   2026-01-28
URL      http://eth-mainnet-alchemy.com/…   2026-01-28   2026-01-28
URL      http://eth-mainnet-alchemy.com/…   2026-01-28   2026-01-28
URL      http://eth-mainnet-alchemy.com     2026-01-28   2026-01-28
DOMAIN   eth-mainnet.alchemyapi.io          2026-01-28   2026-01-28
DOMAIN   eth-mainnet-alchemy.com            2026-01-28   2026-01-28
