🟠 High  |  Source: The Hacker News


North Korean hackers linked to the ‘Contagious Interview’ campaign are hiding malware inside SVG image files using steganography, delivered via fake job postings and coding tests. Victims who run the project unknowingly execute a four-stage malware chain that steals browser credentials, cryptocurrency wallet data, and files — closely aligned with the known OtterCookie malware family. This campaign specifically targets developers and engineers, making it particularly relevant to technical staff in cloud and software organisations.

Security Architect’s Take: Brief your developer and engineering teams to treat any unsolicited coding challenge or repository — especially those sourced via LinkedIn or job boards — as a potential threat vector; enforce sandbox or isolated VM environments for running external code, and ensure endpoint detection covers steganographic payload techniques and suspicious SVG file execution.

Original advisory: Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images