OtterCookie Expands Targeting to AI Coding Tools

2026-04-04 Cyber And Ramen

https://cyberandramen.net/2026/04/04/ottercookie-expands-targeting-to-ai-coding-tools-analysis-of-a-trojanized-npm-campaign/

A malicious npm account, gemini-check, published gemini-ai-checker as a fake Google Gemini token verifier and used related packages express-flowlimit and chai-extensions-extras that shared the same Vercel staging infrastructure. The package assembled a request to server-check-genimi.vercel[.]app/defy/v3 with a bearer-style token and executed returned JavaScript in memory through Function.constructor. De-obfuscated payloads showed a four-module Node.js backdoor consistent with OtterCookie activity associated with the DPRK-linked Contagious Interview campaign, including Socket.IO remote control, credential theft, file exfiltration, and clipboard monitoring. The malware communicated with 216.126.237[.]71 on ports 4891, 4896, 4899, and 80, and explicitly searched developer and AI coding tool directories such as .cursor, .claude, .gemini, .windsurf, .pearai, and .eigent for tokens, keys, conversations, and source code.
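As an added defender-side example, not from the Cyber And Ramen write-up and not the report's own tooling, the Node.js script below triages an installed dependency tree for the traits the summary describes: the three package names, the staging host and C2 address, in-memory execution of a downloaded string, and enumeration of AI coding tool directories. The sample tree is constructed inline so the script runs offline; the "two or more tool directories" threshold and the co-occurrence rule used to flag a package are assumptions of this example, not findings from the report.

```javascript
// Added example (not the report's code): static triage of an npm dependency
// tree for the indicators and behaviours described in the OtterCookie summary.
// Indicators below come from the report; the sample files are constructed.

// Package names the report ties to the campaign.
const KNOWN_BAD_PACKAGES = new Set([
  "gemini-ai-checker",
  "express-flowlimit",
  "chai-extensions-extras",
]);

// Network indicators from the report (de-fanging brackets removed).
const KNOWN_BAD_HOSTS = ["server-check-genimi.vercel.app", "216.126.237.71"];

// Developer / AI coding tool directories the backdoor was observed enumerating.
const AI_TOOL_DIRS = [".cursor", ".claude", ".gemini", ".windsurf", ".pearai", ".eigent"];

// Source patterns for code that runs a string as code at runtime.
const DYNAMIC_EXEC = [
  { name: "Function.constructor", re: /Function\s*\.\s*constructor\s*\(/ },
  { name: "new Function", re: /\bnew\s+Function\s*\(/ },
  { name: "eval", re: /\beval\s*\(/ },
];

// Derive the package name from a path such as node_modules/@scope/name/lib/x.js.
// The innermost node_modules segment wins, so nested dependencies resolve correctly.
function packageNameFromPath(relPath) {
  const parts = relPath.split("/");
  const i = parts.lastIndexOf("node_modules");
  if (i < 0 || i + 1 >= parts.length) return null;
  const first = parts[i + 1];
  if (first.startsWith("@") && i + 2 < parts.length) return `${first}/${parts[i + 2]}`;
  return first;
}

// Scan one file and return findings tagged by category, so a reviewer can
// weigh a known IoC above a heuristic hit.
function scanFile(relPath, source) {
  const findings = [];
  const pkg = packageNameFromPath(relPath);
  if (pkg && KNOWN_BAD_PACKAGES.has(pkg)) {
    findings.push({ file: relPath, kind: "known-bad-package", detail: pkg });
  }
  for (const host of KNOWN_BAD_HOSTS) {
    if (source.includes(host)) findings.push({ file: relPath, kind: "known-bad-host", detail: host });
  }
  for (const { name, re } of DYNAMIC_EXEC) {
    if (re.test(source)) findings.push({ file: relPath, kind: "dynamic-exec", detail: name });
  }
  // One tool directory name is common in legitimate code; several together
  // resembles the directory sweep the report describes (threshold is an assumption).
  const dirs = AI_TOOL_DIRS.filter((d) => source.includes(d));
  if (dirs.length >= 2) {
    findings.push({ file: relPath, kind: "ai-tool-dir-enumeration", detail: dirs.join(",") });
  }
  return findings;
}

// Scan a tree given as { relativePath: sourceText } and decide which packages
// to flag: any known IoC, or dynamic execution co-occurring with tool-directory
// enumeration (that co-occurrence rule is this example's assumption).
function scanTree(files) {
  const findings = Object.entries(files).flatMap(([p, src]) => scanFile(p, src));
  const byPackage = new Map();
  for (const f of findings) {
    const pkg = packageNameFromPath(f.file) || "(root)";
    byPackage.set(pkg, (byPackage.get(pkg) || []).concat(f));
  }
  const flagged = [];
  for (const [pkg, hits] of byPackage) {
    const kinds = new Set(hits.map((h) => h.kind));
    const known = kinds.has("known-bad-package") || kinds.has("known-bad-host");
    const behavioural = kinds.has("dynamic-exec") && kinds.has("ai-tool-dir-enumeration");
    if (known || behavioural) flagged.push({ package: pkg, kinds: [...kinds].sort() });
  }
  return { findings, flagged };
}

// Constructed sample tree: a benign package, a legitimate new Function() user,
// and a stand-in file that carries the report's indicators (no network, no fs).
const SAMPLE_TREE = {
  "node_modules/left-pad/index.js":
    "module.exports = function leftPad(s, n) { return String(s).padStart(n); };",
  "node_modules/lodash/template.js":
    "// lodash templates compile with new Function(), a legitimate use\nconst fn = new Function('obj', source);",
  "node_modules/gemini-ai-checker/index.js": [
    "// constructed stand-in for the trojanized package; strings only",
    "const endpoint = 'https://server-check-genimi.vercel.app/defy/v3';",
    "const dirs = ['.cursor', '.claude', '.gemini', '.windsurf'];",
    "function run(body) { return Function.constructor(body)(); }",
  ].join("\n"),
};

const SAMPLE_RESULT = scanTree(SAMPLE_TREE);
console.log(JSON.stringify(SAMPLE_RESULT.flagged, null, 2));
```

On a real checkout, build the `files` object by walking `node_modules` and reading `.js`/`.cjs`/`.mjs` files; the lodash entry shows why a lone `new Function(` hit is reported as a finding but does not flag the package on its own.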

Indicators of Compromise

Type   Value                               First Seen   Last Seen
IPv4   216.126.237.71                      2026-04-02   2026-04-24
HASH   d26da2d0f14d8a160f2f937a6081dae…    2026-04-04   2026-04-04
