
North Korean fake IT worker tradecraft exposed
Research from GitLab has exposed the latest tradecraft behind North Korean fake IT worker scams. GitLab banned 131 North Korean-attributed accounts last year, most of which involved JavaScript repositories that acted as resources in the so-called Contagious Interview campaign. In most cases, GitLab projects acted as obfuscated loaders for malware payloads — such as BeaverTail and Ottercookie — hosted outside the code repository platform.

Contagious Interview
The Contagious Interview campaign revolves around North Korean threat actors posing as recruiters or hiring managers in order to trick software developers into executing malicious code projects under the pretence of technical interviews....