Find notable cyber news and cases, enriched with sources, timelines, and signals.

Contagious Interview JSON storage delivery campaign targeting software developers

Campaign
First reported
Last updated
Happening score
H score 35
2 unique sources, 2 articles

Summary

Hide ▲

The Contagious Interview campaign has shifted to using JSON storage services to stage malware, making delivery harder to spot and increasing risk to developer systems. The operation reaches prospective software developers through professional networking sites and lures them into downloading trojanized demo projects. A deceptive config file can point to the next-stage payload, which then drops tools such as BeaverTail and InvisibleFerret. The activity matters because it is designed to steal sensitive data and crypto wallet information while blending into legitimate web traffic.

Related Happenings

Contagious Interview UNK_DeadDrop GitHub phishing campaign

Campaign
H score37 First: 15.06.2026 22:32 Last: 15.06.2026 22:32 Sources 1

About this happening: The **Contagious Interview** cluster is running the **UNK_DeadDrop** phishing campaign to lure developers with **recruitment** and **code review** themes, reaching **nearly 100 or...

UNK_DeadDrop developer phishing campaign using fake job and code-review lures

Campaign
H score30 First: 08.06.2026 18:00 Last: 08.06.2026 18:00 Sources 1

About this happening: A **UNK_DeadDrop** phishing campaign sent **more than 250 emails** to software developers at **almost 100 organizations**, using fake job and code-review lures to steal **cryptocu...

CL-CRI-1089 Operation FlutterBridge macOS malvertising campaign

Campaign
H score33 First: 04.06.2026 14:19 Last: 04.06.2026 14:19 Sources 1

About this happening: A **macOS malvertising campaign** is delivering **FlutterShell** through malicious ads and trojanized apps, expanding browser-hijacking and backdoor risk across **the U.S., Canada...

WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access

Malware Activity
H score65 First: 03.06.2026 00:54 Last: 03.06.2026 00:54 Sources 1

About this happening: **WeedHack** is a **Minecraft-focused malware-as-a-service** operation that has been active since **January 2026** and uses **SEO poisoning** and **YouTube** to push malicious dow...

JINX-0164 cryptocurrency recruitment-lure campaign

Campaign
H score39 First: 28.05.2026 10:54 Last: 28.05.2026 10:54 Sources 1

About this happening: A **JINX-0164** campaign is targeting **cryptocurrency firms** and developers with **LinkedIn recruiter lures**, a fake meeting-and-fix workflow, and **macOS malware** to steal cr...

Timeline

  1. 14.11.2025 20:25 3 articles · 7mo ago

    Contagious Interview adds JSON storage staging for malware delivery

    Technical Analysis Update

    NVISO describes North Korean threat actors behind Contagious Interview as using JSON Keeper, JSONsilo, and npoint.io to host and deliver malware from trojanized developer projects, with a Base64-encoded value in `server/config/.config.env` pointing to an obfuscated next-stage payload that leads to BeaverTail, InvisibleFerret, and TsunamiKit delivery against prospective software developers.

    Show sources