New DPRK Malware Uses Microsoft VSCode Dictionary Files
2025-12-23 • OSM
https://opensourcemalware.com/blog/contagious-interview-malicious-dictionary
OpenSourceMalware identifies a new DPRK-linked Contagious Interview variant that abuses VS Code task execution and a disguised SpellRight dictionary file to infect developers who open a malicious repository. The initial payload uses tasks.json and a backup .vscode/spellright.dict JavaScript dropper to create a hidden ~/Programs_X64/ directory and write a Node.js second-stage main.js across Windows, Linux, and macOS. The second stage beacons to ip-regions-check.vercel.app with an x-secret-header value and executes returned JavaScript with eval(response.data), giving the operator remote code execution with access to files, environment variables, and network capabilities. The technique matters because it shifts DPRK developer-targeting tradecraft away from more obvious npm post-install abuse and into trusted IDE workflow features used during fake job-interview lures.
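Both halves of the chain described above leave artifacts a defender can look for: on the repository side, a VS Code task configured to start on its own plus a "dictionary" file that is really JavaScript; on the host side, the `~/Programs_X64/main.js` second stage carrying the beacon domain and header name. The script below is an added triage example, not OpenSourceMalware's tooling or any code from the campaign. It assumes the auto-start mechanism is VS Code's `runOptions.runOn: "folderOpen"` (the write-up says only "VS Code task execution"); the one-word-per-line test for a SpellRight dictionary, the `JS_HINTS` pattern and the constructed sample files are also assumptions, and the constructed dictionary is an inert placeholder.

```python
"""Triage helpers for the tasks.json / spellright.dict lure. Added example,
not OpenSourceMalware's code. Trigger mechanism and heuristics are assumptions."""
import json
import os
import re
import tempfile

# Second-stage strings taken from the write-up (beacon host, header, eval use).
SECOND_STAGE_MARKERS = ("ip-regions-check.vercel.app", "x-secret-header", "eval(")

# Assumed hints that a "dictionary" line is actually JavaScript.
JS_HINTS = re.compile(r"require\(|eval\(|=>|function\s*\(|writeFileSync|child_process")


def load_jsonc(text: str):
    """Parse VS Code's comment-tolerant JSON: strip comments and trailing commas."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    text = re.sub(r",(\s*[}\]])", r"\1", text)
    return json.loads(text)


def auto_run_tasks(tasks_json_text: str) -> list:
    """Return (label, command line) for tasks that start when the folder opens.
    Assumption: the trigger is runOptions.runOn == "folderOpen"."""
    found = []
    for task in load_jsonc(tasks_json_text).get("tasks", []):
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            parts = [str(task.get("command", ""))] + [str(a) for a in task.get("args", [])]
            found.append((task.get("label", "<unlabelled>"), " ".join(parts).strip()))
    return found


def dict_looks_like_code(dict_text: str) -> bool:
    """A real SpellRight dictionary is one word per line; mostly code-like lines is a red flag."""
    lines = [ln.strip() for ln in dict_text.splitlines() if ln.strip()]
    if not lines:
        return False
    code_like = sum(1 for ln in lines
                    if JS_HINTS.search(ln) or not re.fullmatch(r"[\w'\-]+", ln))
    return code_like / len(lines) > 0.5


def scan_repo(repo: str) -> list:
    """Collect findings for one checked-out repository."""
    findings = []
    tasks_path = os.path.join(repo, ".vscode", "tasks.json")
    if os.path.exists(tasks_path):
        with open(tasks_path, encoding="utf-8") as f:
            for label, cmd in auto_run_tasks(f.read()):
                findings.append(f"auto-run task '{label}' executes: {cmd}")
    dict_path = os.path.join(repo, ".vscode", "spellright.dict")
    if os.path.exists(dict_path):
        with open(dict_path, encoding="utf-8", errors="replace") as f:
            if dict_looks_like_code(f.read()):
                findings.append("spellright.dict contains JavaScript rather than a word list")
    return findings


def scan_home(home: str) -> list:
    """Check a user profile for the second-stage drop location named in the write-up."""
    findings = []
    main_js = os.path.join(home, "Programs_X64", "main.js")
    if os.path.exists(main_js):
        with open(main_js, encoding="utf-8", errors="replace") as f:
            body = f.read()
        hits = [m for m in SECOND_STAGE_MARKERS if m in body]
        findings.append(f"{main_js} present; second-stage markers: {hits or 'none'}")
    return findings


def build_constructed_repo() -> str:
    """Write a constructed, inert lure layout to a temp dir so the scan runs offline."""
    repo = tempfile.mkdtemp()
    os.makedirs(os.path.join(repo, ".vscode"))
    tasks = {"version": "2.0.0", "tasks": [
        {"label": "build", "type": "shell", "command": "npm run build"},
        {"label": "setup", "type": "shell", "command": "node",
         "args": [".vscode/spellright.dict"], "runOptions": {"runOn": "folderOpen"}},
    ]}
    with open(os.path.join(repo, ".vscode", "tasks.json"), "w") as f:
        f.write("// constructed sample\n" + json.dumps(tasks, indent=2))
    with open(os.path.join(repo, ".vscode", "spellright.dict"), "w") as f:
        f.write("const fs = require('fs');\n// constructed placeholder, no real behaviour\n")
    return repo


if __name__ == "__main__":
    for line in scan_repo(build_constructed_repo()) + scan_home(os.path.expanduser("~")):
        print("[!]", line)
```

Run against a freshly cloned repository before opening it in the IDE; a task that starts on folder open is unusual enough in practice that any hit deserves a manual look, and a `spellright.dict` that does not parse as a word list should be treated as code until proven otherwise.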
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| URL | https://ip-regions-check.vercel… | 2025-12-23 | 2025-12-23 |
| IPv4 | 146.70.41.188 | 2025-11-29 | 2025-12-23 |