Contagious Interview Campaign Uses JSON Services for Malware Delivery

Cyber Security News by CyberSum.net

Published on November 15, 2025 at 12:00 AM

2 sources

Threat actors behind the Contagious Interview campaign are using JSON storage services to host and deliver malware. The campaign targets software developers through professional networking sites, instructing them to download trojanized code projects. These projects contain Base64-encoded values that lead to obfuscated JavaScript malware, BeaverTail, which harvests sensitive data and drops a Python backdoor called InvisibleFerret. The campaign's sophistication and use of legitimate services highlight the actors' stealthy tactics.

Also Read

Critical Triofox Vulnerability Exploited by UNC6485

Researchers at Mandiant Threat Defense, part of Google Cloud Security Operations, have revealed a critical unauthenticated access vulnerability in Gladinet’s Triofox file-sharing platform. The flaw, now patched as CVE-2025-12480, allowed attackers to bypass authentication and achieve SYSTEM-level code execution. The exploitation campaign was detected on August 24, 2025, with attackers targeting version 16.4.10317.56372. Mandiant confirmed that Gladinet has released a fix, and the vulnerability is resolved in new versions of Triofox. The attackers used the flaw to create an administrative account and execute malicious scripts, achieving code execution as SYSTEM. They also used PuTTY and Plink to create an SSH tunnel for covert persistence.

By Cyber Security News by CyberSum.netNovember 11, 2025 at 06:00 AM