The OSINT reports that North Korean state-sponsored operators are running the “Contagious Interview” campaign, using malicious npm packages, GitHub, and Vercel infrastructure, and the OtterCookie malware family to compromise blockchain and Web3 developers, exfiltrate credentials and wallet data, and remotely control infected systems for digital asset theft and espionage.

November 30th, 2025 Synopsis The analysis shows that Shai-hulud 2.0 is a highly capable supply-chain threat that compromises CI/CD workflows, developer accounts, and cloud secret stores to harvest credentials, weaponize npm packages, and propagate automatically across dependent systems, creating a scalable and repeating compromise pattern. This understanding shapes strategic decisions by requiring stronger governance over software-supply-chain risk, dependency management, and