Contagious Interview ClickFix BeaverTail campaign targeting crypto and retail roles
Campaign
Summary
North Korean operatives expanded Contagious Interview with ClickFix lures and a fake hiring platform to deliver BeaverTail and InvisibleFerret, shifting the operation toward marketing and trader roles in cryptocurrency and retail organizations. The latest wave, seen in late May 2025, matters because it shows the campaign reaching less technical targets while continuing to use staged job-assessment bait and compiled payloads across Windows, macOS, and Linux.
Related Happenings
Tropic Trooper trojanized SumatraPDF remote-access campaign
Campaign
First: 24.04.2026 12:29
Last: 24.04.2026 12:29
Sources 1
About this happening:
**Tropic Trooper** is running an active **campaign** that uses a **trojanized SumatraPDF** lure to plant **AdaptixC2 Beacon** and later abuse **VS Code tunnels** for remote access...
DPRK-linked cryptoasset theft campaign continuing into 2026
Campaign
First: 03.04.2026 11:35
Last: 03.04.2026 11:35
Sources 1
About this happening:
The **DPRK-linked cryptoasset theft campaign** is continuing into **2026**, keeping **crypto and Web3** targets at risk of repeated theft and laundering activity. The operation us...
Venom Stealer MaaS continuous credential theft and exfiltration
Malware Activity
First: 01.04.2026 16:30
Last: 01.04.2026 16:30
Sources 1
About this happening:
The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...
Contagious Interview cryptocurrency social-engineering and malware-delivery campaign
Campaign
First: 23.03.2026 20:09
Last: 23.03.2026 20:09
Sources 1
About this happening:
A **North Korean** cluster behind **Contagious Interview / WaterPlum** is running a coordinated **malware campaign** against **cryptocurrency professionals**, increasing the risk...
U.S. tax-season phishing and malware-delivery campaign
Campaign
First: 23.03.2026 12:55
Last: 23.03.2026 12:55
Sources 1
About this happening:
The **U.S. tax-season phishing campaigns** are harvesting credentials and delivering malware, putting **individuals**, **accountants**, and other professionals at risk. The lures...
Timeline
- 21.09.2025 13:56 · 2 articles · 8mo ago
Initial report: Contagious Interview ClickFix BeaverTail campaign targeting crypto and retail roles
Initial Disclosure
The operation began as a **job-assessment** lure campaign aimed at software developers and later evolved into a broader **ClickFix** delivery effort. By **late May 2025**, the activity had shifted toward a fake hiring workflow and new victim roles in **crypto** and **retail**.
Sources
- DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams — thehackernews.com — 21.09.2025 13:56