www.elastic.co 7/17/2026, 3:21:36 PM · external

New North Korean campaign uses fake coding interviews to steal developer credentials

New North Korean campaign uses fake coding interviews to steal developer credentials
CyberSIXT Evidence Panel Source marked as original reporting

ON July 17, 2026, Daniel Stepanic of Elastic Security Labs reported on a new cyber campaign attributed to North Korean (DPRK) hackers, known as Contagious Interview. The attackers deployed malicious code hidden within SVG images within seemingly benign coding interview tasks to steal developer credentials and sensitive information. Key points include: 1) Developers are targeted through fake job postings and coding challenges.

2) The malware utilizes steganography to hide payloads within images, undetected by antivirus software. 3) The attack carries a four-stage payload involving credential theft, remote access, and file exfiltration, associated with previously identified malware named OTTERCOOKIE. The report emphasizes the ongoing risks developers face from socially engineered attacks, urging increased vigilance and informed security practices.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline