Find notable cyber news and cases, enriched with sources, timelines, and signals.

Contagious Interview cryptocurrency social-engineering and malware-delivery campaign

Campaign
First reported
Last updated
Happening score
H score 37
1 unique sources, 2 articles

Summary

Hide ▲

A North Korean cluster behind Contagious Interview / WaterPlum is running a coordinated malware campaign against cryptocurrency professionals, increasing the risk of credential theft and malicious code execution. The operation uses LinkedIn outreach, fake venture capital firms, and fraudulent video conferencing links to steer victims into the delivery chain. The targeting focus on founders, CTOs, and senior engineers suggests a deliberate effort to reach people with privileged access to crypto infrastructure and wallets. The activity overlaps with related clusters and continues to evolve across trusted hiring and developer workflows.

Related Happenings

KongTuke ClickFix and Teams access-seeking campaign

Campaign
H score33 First: 25.06.2026 11:54 Last: 25.06.2026 11:54 Sources 1

About this happening: The **KongTuke** operation is using **ClickFix** lures and **Microsoft Teams** messages to widen access-seeking attacks against **multiple organizations**, increasing the risk of...

Ghost Networks crypto-clipper promotion campaign

Campaign
H score15 First: 17.06.2026 21:14 Last: 17.06.2026 21:14 Sources 1

About this happening: **Unknown threat actor** is running an **active June 2026** campaign that fakes legitimacy to distribute a **Rust-based clipboard hijacker**. The operation uses **bogus GitHub sta...

North Korea-aligned developer-targeting operations shift from fake interviews to recruitment phishing at scale

Threat Actor Meta
H score31 First: 15.06.2026 22:32 Last: 15.06.2026 22:32 Sources 1

About this happening: North Korea-aligned developer-targeting operations are shifting from **fake interviews** to **recruitment-themed phishing** at scale, increasing the risk of industrialized **crede...

Contagious Interview UNK_DeadDrop GitHub phishing campaign

Campaign
H score37 First: 15.06.2026 22:32 Last: 15.06.2026 22:32 Sources 1

About this happening: The **Contagious Interview** cluster is running the **UNK_DeadDrop** phishing campaign to lure developers with **recruitment** and **code review** themes, reaching **nearly 100 or...

UNK_DeadDrop developer phishing campaign using fake job and code-review lures

Campaign
H score30 First: 08.06.2026 18:00 Last: 08.06.2026 18:00 Sources 1

About this happening: A **UNK_DeadDrop** phishing campaign sent **more than 250 emails** to software developers at **almost 100 organizations**, using fake job and code-review lures to steal **cryptocu...

Timeline

  1. 23.03.2026 20:09 2 articles · 3mo ago

    Contagious Interview expands developer and crypto targeting

    Campaign Scope Update

    North Korean threat actors behind Contagious Interview / WaterPlum are using malicious Microsoft Visual Studio Code projects and `tasks.json` `runOn: folderOpen` to auto-execute StoatWaffle, a Node.js-based malware family that can install Node.js when missing and deliver both stealer and RAT modules. The same operator set is also targeting cryptocurrency and Web3 professionals through LinkedIn social engineering, fake venture capital firms, and fraudulent video conferencing links.

    Show sources