North Korean 'Contagious Interview' Targets Crypto Firms

A North Korean hacking subgroup within the Lazarus Group, known as 'Contagious Interview,' targeted the crypto industry by establishing fake U.S. companies like Blocknovas LLC and Softglide LLC, as well as at least one foreign-linked entity, Angeloper Agency. These shell firms used fabricated identities, addresses, and both AI-generated and stolen images to create deceptive job postings and lure cryptocurrency developers into fake interviews. Victims were tricked into downloading malware disguised as onboarding materials or instructed to submit videos, which facilitated the delivery of strains like BeaverTail, InvisibleFerret, and OtterCookie. The malware enabled data theft, credential compromise, and gave hackers remote access to victim systems for follow-up attacks. The FBI responded by seizing the Blocknovas domain in a broader crackdown on North Korean cyber threats violating U.S. and UN sanctions. These operations are part of North Korea's ongoing campaign to fund its weapons programs through cyber-enabled financial theft.