TechFlow news, January 22 — According to the latest security research from Recorded Future's Insikt Group, North Korean hacker group PurpleBravo has launched a cyber-espionage campaign dubbed "Contagious Interview," targeting over 3,100 IP addresses associated with artificial intelligence, cryptocurrency, and financial services.
The attackers impersonated recruiters or developers, luring job seekers into performing technical interview tasks such as code review, cloning repositories, or completing programming assignments, thereby executing malicious code on corporate devices. So far, 20 organizations across South Asia, North America, Europe, the Middle East, and Central America have been confirmed compromised.
Researchers found that the hackers used forged Ukrainian identities for cover and deployed two remote access trojans—PylangGhost and GolangGhost—to steal browser credentials. Additionally, they developed weaponized versions of Microsoft Visual Studio Code to implant backdoors via malicious Git repositories.
