North Korean Hackers Use JSON Services for Malware
⚠️ NVISO researchers report that North Korean threat actors behind the Contagious Interview campaign are using public JSON storage services to stage and deliver malware. The attackers lure prospective victims—often developers—via LinkedIn with fake assessments or collaboration requests and host trojanized demo projects on code repositories. These projects point to obfuscated payloads on JSON Keeper, JSONsilo, and npoint.io that deploy a JavaScript loader BeaverTail which in turn drops a Python backdoor InvisibleFerret.
