Contagious Interview Campaign Floods npm with Malicious Packages

Threat actors behind the Contagious Interview campaign have continued to infiltrate the npm registry with 197 malicious packages, downloaded over 31,000 times. These packages deliver a variant of OtterCookie, combining features of BeaverTail and previous versions. The malware evades sandboxes, profiles machines, and establishes a command-and-control channel to steal data and provide remote shell access. The campaign, distinct from other IT worker schemes, compromises individuals through fake recruiting pipelines and malicious coding exercises. Researchers have also discovered a new attack targeting Mac users via fake job websites, tricking them into downloading malware disguised as software updates.