North Korean threat actors are targeting job seekers in the tech industry. These attackers are delivering malware tracked as BeaverTail and InvisibleFerret. The operations are part of a campaign called “Contagious Interview” which was first discovered by Palo Alto in November 2023. In an attack, the victim is first invited to an online interview. During the interview, the attacker tries to convince the interviewee to download and install malware. The infection first begins with the BeaverTail downloader and information stealer. BeaverTail allows the attacker to enable activities such as fingerprinting, remote control, keylogging, and data exfiltration. Additionally, BeaverTail contains a browser stealer that collects the victim’s credit card information and browser credentials.



