
DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'
Why It Matters
The technique turns a social‑engineering lure into a scalable supply‑chain attack, jeopardizing the integrity of open‑source ecosystems and enterprise development pipelines. Organizations that rely on third‑party code risk widespread credential theft and ransomware exposure.
Key Takeaways
- Void Dokkaebi infected >750 code repos in March
- Malicious VS Code tasks execute via trust prompt
- Attack spreads through forks and downstream projects
- Payloads staged on Tron, Aptos, Binance Smart Chain
- Developers targeted with fake crypto‑AI recruiter offers
Pulse Analysis
The "Contagious Interview" campaign illustrates how nation‑state actors can weaponize the trusted hiring process to infiltrate software supply chains. By masquerading as recruiters from cryptocurrency or AI firms, the North Korean group entices developers to clone a repository and run a technical test. The malicious code lives in a hidden .vscode folder and leverages Visual Studio Code’s workspace task system, which runs automatically once the developer accepts the trust prompt. This low‑friction execution path enables the initial foothold without requiring additional user interaction, turning a single social‑engineering bite into a worm‑like propagation mechanism.
Technically, the infection chain harvests high‑value secrets such as crypto‑wallet credentials, code‑signing keys, and CI/CD pipeline tokens. The stolen assets are funneled through blockchain networks like Tron, Aptos and Binance Smart Chain, complicating takedown efforts. When a compromised repository is pushed to GitHub, GitLab or Bitbucket, the hidden task file remains dormant until another developer clones the repo, repeats the trust prompt, and unintentionally distributes the payload. This cascade can affect popular open‑source projects, amplifying the attack surface across thousands of downstream users and potentially exposing critical production infrastructure.
Mitigation requires a shift in developer hygiene and organizational policy. Treat any external repository, even those received during a hiring process, as untrusted; enforce lock‑file integrity checks, code‑signing verification, and least‑privilege CI/CD credentials. Running suspicious code in isolated containers or VMs, coupled with endpoint detection that flags unauthorized VS Code tasks, can stop the worm before it propagates. As supply‑chain threats mature, security teams must embed these safeguards into the software development lifecycle to protect both the codebase and the broader ecosystem from state‑sponsored intrusion.
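As an added, defender‑side example (not code from the article, Void Dokkaebi, or any vendor mentioned): a small Python scanner that parses a checkout's .vscode/tasks.json and flags any task configured to start when the folder is opened. VS Code's documented runOptions.runOn: "folderOpen" setting is what lets a workspace task start automatically once the developer accepts the trust prompt, so it is the setting a pre‑clone or endpoint check should look for. The sample tasks.json below is constructed for the demo; the file location and the runOptions key are VS Code's real configuration schema. Because tasks.json is JSONC (comments and trailing commas are allowed), the scanner strips those before parsing rather than rejecting the file.

```python
"""Flag VS Code workspace tasks that auto-run on folder open.

Added example, not from the article: a defender-side check for the
.vscode/tasks.json execution path described above.
"""
import json
import tempfile
from pathlib import Path


def strip_jsonc(text: str) -> str:
    """Turn JSONC into strict JSON: drop // and /* */ comments and trailing
    commas, but only outside string literals so URLs like "http://x" survive."""
    out = []
    i, n = 0, len(text)
    in_str = False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == '\\' and i + 1 < n:      # keep escaped char verbatim (e.g. \")
                out.append(text[i + 1])
                i += 2
                continue
            if c == '"':
                in_str = False
            i += 1
        elif c == '"':
            in_str = True
            out.append(c)
            i += 1
        elif text.startswith('//', i):       # line comment: skip to end of line
            j = text.find('\n', i)
            i = n if j < 0 else j
        elif text.startswith('/*', i):       # block comment: skip past closing */
            j = text.find('*/', i + 2)
            i = n if j < 0 else j + 2
        elif c == ',':                       # drop a comma followed only by } or ]
            j = i + 1
            while j < n and text[j].isspace():
                j += 1
            if j < n and text[j] in '}]':
                i += 1
            else:
                out.append(c)
                i += 1
        else:
            out.append(c)
            i += 1
    return ''.join(out)


def load_tasks(text: str) -> dict:
    """Parse a tasks.json body (JSONC) into a dict."""
    return json.loads(strip_jsonc(text))


def find_autorun_tasks(tasks_json: dict) -> list[dict]:
    """Return every task whose runOptions.runOn is 'folderOpen'."""
    findings = []
    for task in tasks_json.get("tasks", []):
        run_on = (task.get("runOptions") or {}).get("runOn")
        if run_on == "folderOpen":
            findings.append({
                "label": task.get("label", "<unnamed>"),
                "type": task.get("type"),
                "command": task.get("command"),
                "args": task.get("args", []),
            })
    return findings


def scan_repo(repo: Path) -> list[dict]:
    """Scan a repository checkout for auto-run tasks; empty list if none."""
    tasks_file = repo / ".vscode" / "tasks.json"
    if not tasks_file.is_file():
        return []
    return find_autorun_tasks(load_tasks(tasks_file.read_text(encoding="utf-8")))


# Constructed sample: one ordinary build task plus one task that fires on open.
SAMPLE_TASKS_JSON = """{
  // constructed sample for the demo
  "version": "2.0.0",
  "tasks": [
    {
      "label": "build",
      "type": "shell",
      "command": "npm run build",
    },
    {
      "label": "prepare-env",  /* looks innocuous */
      "type": "shell",
      "command": "node",
      "args": ["scripts/setup.js"],
      "runOptions": { "runOn": "folderOpen" }
    }
  ]
}"""


def demo() -> list[dict]:
    """Write the sample into a throwaway checkout and scan it."""
    with tempfile.TemporaryDirectory() as d:
        repo = Path(d)
        (repo / ".vscode").mkdir()
        (repo / ".vscode" / "tasks.json").write_text(SAMPLE_TASKS_JSON, encoding="utf-8")
        return scan_repo(repo)


if __name__ == "__main__":
    for f in demo():
        print(f"AUTO-RUN TASK {f['label']!r}: {f['command']} {' '.join(f['args'])}")
```

Point scan_repo at a freshly cloned directory before opening it in the editor, or wire it into a pre‑commit or CI check; a hit is worth reviewing even when the command looks like a normal build step, since the command itself can be a short launcher for a larger payload.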