Malware | Apr 22, 2026

DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'

North Korean fake job scams distribute RATs via compromised developer repositories.

Summary

North Korean threat actors are leveraging compromised developer repositories as self-propagating infection vectors to distribute remote access Trojans and malware through fake job recruitment schemes. The attack uses a worm-like mechanism dubbed 'Contagious Interview' that spreads malware to developers who interact with poisoned code repositories. This supply-chain attack targets software developers and combines social engineering with technical compromise.

Indicators of Compromise

  • malware — RAT (Remote Access Trojan)

Entities

  • DPRK (North Korea) (threat_actor)
  • Contagious Interview (campaign)
  • Developer repositories (technology)