North Korean-linked threat actors have been targeting tech industry job seekers in a campaign called "Contagious Interview," first disclosed by Palo Alto Networks Unit 42 in November 2023. The attackers pose as recruiters on job platforms, luring software developers into fake online interviews where they are tricked into downloading malware. The campaign leverages a malicious downloader called BeaverTail, now rewritten in the Qt framework to target both Windows and macOS, and serves as a gateway for the Python-based InvisibleFerret backdoor. The malware steals browser credentials, cryptocurrency wallet data, and allows remote control of infected devices. Despite being publicly exposed, the campaign continues to be successful due to its effective use of social engineering and impersonation techniques, according to researchers at Unit 42 and Group-IB.