ON July 17, 2026, Daniel Stepanic of Elastic Security Labs reported on a new cyber campaign attributed to North Korean (DPRK) hackers, known as Contagious Interview. The attackers deployed malicious code hidden within SVG images within seemingly benign coding interview tasks to steal developer credentials and sensitive information. Key points include: 1) Developers are targeted through fake job postings and coding challenges.
2) The malware utilizes steganography to hide payloads within images, undetected by antivirus software. 3) The attack carries a four-stage payload involving credential theft, remote access, and file exfiltration, associated with previously identified malware named OTTERCOOKIE. The report emphasizes the ongoing risks developers face from socially engineered attacks, urging increased vigilance and informed security practices.