North Korea's 'Contagious Interview' Job Scam Now Self-Propagates Through Victims

via Dark Reading

Original source: DPRK Fake Job Scams Self-Propagate in 'Contagious Interview' (Dark Reading)

DPRK-aligned threat actors running the long-tracked ‘Contagious Interview’ campaign have evolved their playbook: the fake job recruitment scheme now spreads through the very developers it compromises. Victims lured by bogus engineering roles are tricked into running malicious code during sham technical interviews, and infected machines are then leveraged to push the lure further into the target’s professional network.

The self-propagating twist transforms what was previously a narrow social-engineering operation into something closer to a worm with human intermediaries. Compromised accounts, contact lists, and developer reputations become distribution infrastructure, lending legitimacy to follow-on approaches and collapsing the trust signals recruiters and candidates normally rely on.

The significance is less about novel malware and more about operational leverage: North Korea continues to extract revenue and access from Western tech labor markets by weaponizing the hiring funnel itself. Defenders need to treat inbound recruiter contact, coding challenges, and npm/PyPI packages shared during interviews as untrusted execution surfaces, not collaborative workflows.

This is an AI-generated summary. Read the original for the full story.