North Korea's Contagious Interview Campaign Uses JSON for Malware Distribution

North Korea's Contagious Interview Campaign Uses JSON for Malware Distribution

First seen 2 Dec 2025, 18:33 UTC ScworldCsoonline 87% similarity 14.4

Article Content

Browse articles
ThreatCluster

North Korean threat actors are utilizing JSON storage services to distribute malware as part of the ongoing Contagious Interview campaign, which has been active since 2023. The campaign involves impersonating hiring professionals to lure developers into executing malicious coding tasks through trojanized demo projects hosted on platforms like GitLab, utilizing heavily obfuscated JavaScript payloads retrieved from public JSON storage services.

ThreatCluster AI

Community

Browse all →