216.73.217.22

InvisibleFerret Malware: Technical Analysis

· Published 21/01/2025 22:17 · Modified 22/01/2025 09:16


Essential information

Tags
2025-01-21 beavertail invisibleferret qrlog rustdoor stealer
Related entities
4 observables, 1 intrusion sets (apt), 14 techniques (mitre), 5 malware, 2 others

Description

A recent surge in North Korean activity uses fake job interviews to deliver malware, including InvisibleFerret, the subject of this report. This Python-based malware targets developers in the technology, finance and cryptocurrency sectors, stealing source code, cryptocurrency wallets and other sensitive files. The malware gathers victim and host information, exfiltrates browser data, and implements keylogging and clipboard monitoring. Stolen data is exfiltrated over FTP and Telegram, and AnyDesk is installed for persistence. It targets the major browsers and specific extensions, particularly crypto wallets and authentication apps. The analysis notes poor coding practices and weak obfuscation. The campaign, tracked as Contagious Interview or DevPopper, shows significant investment in infrastructure and social engineering.
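As an added illustration (not code from the report, and not InvisibleFerret's own code), the following Python sketch turns three behaviours listed above into hunting heuristics over endpoint telemetry: a Python interpreter talking to api.telegram.org, a Python interpreter opening an FTP connection, and a Python interpreter spawning AnyDesk. The event schema, field names and sample events are constructed assumptions loosely modelled on process-create and network-connect records; tune the matching to your own telemetry before use.

```python
"""Hunting heuristics for the InvisibleFerret behaviours summarised above.

Added example, not code from the report. The event dictionaries below are a
constructed stand-in for endpoint telemetry (process-create and
network-connect records); every field name is an assumption.
"""

TELEGRAM_API_HOST = "api.telegram.org"   # Telegram exfiltration endpoint
FTP_PORTS = {21}                          # plain FTP control channel
PYTHON_IMAGES = {"python", "python3", "pythonw"}
REMOTE_ACCESS_PREFIX = "anydesk"          # AnyDesk used for persistence


def image_basename(image: str) -> str:
    """Lower-cased executable name without directory or .exe suffix."""
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def is_python(image: str) -> bool:
    return image_basename(image) in PYTHON_IMAGES


def hunt(events):
    """Return (rule_name, pid) findings, in event order.

    Rules fire only for processes that are Python interpreters (or their
    direct children), which is the context the report describes; a browser
    reaching Telegram is not flagged.
    """
    python_pids = {
        e["pid"] for e in events
        if e["type"] == "process" and is_python(e["image"])
    }
    findings = []
    for e in events:
        if e["type"] == "network" and e["pid"] in python_pids:
            if e.get("dest_host", "").lower() == TELEGRAM_API_HOST:
                findings.append(("python_to_telegram_api", e["pid"]))
            if e.get("dest_port") in FTP_PORTS:
                findings.append(("python_ftp_outbound", e["pid"]))
        elif e["type"] == "process" and e.get("ppid") in python_pids:
            if image_basename(e["image"]).startswith(REMOTE_ACCESS_PREFIX):
                findings.append(("python_spawns_anydesk", e["pid"]))
    return findings


# Constructed sample telemetry: one malicious Python process (pid 4100) and
# two benign controls (a browser reaching Telegram, a Python reaching PyPI).
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4100, "ppid": 900,
     "image": r"C:\Users\dev\AppData\Local\Programs\Python\python.exe"},
    {"type": "network", "pid": 4100, "dest_host": "api.telegram.org", "dest_port": 443},
    {"type": "network", "pid": 4100, "dest_host": "ftp.example.invalid", "dest_port": 21},
    {"type": "process", "pid": 4120, "ppid": 4100,
     "image": r"C:\Users\dev\AppData\Local\Temp\AnyDesk.exe"},
    {"type": "process", "pid": 5000, "ppid": 900,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"type": "network", "pid": 5000, "dest_host": "api.telegram.org", "dest_port": 443},
    {"type": "process", "pid": 6000, "ppid": 900, "image": "/usr/bin/python3"},
    {"type": "network", "pid": 6000, "dest_host": "pypi.org", "dest_port": 443},
]


if __name__ == "__main__":
    for rule, pid in hunt(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

The three rules deliberately key on the interpreter rather than on file names or hashes, because the report's observation that the code is poorly obfuscated implies the operators can repack it cheaply; a Python process that reaches Telegram, speaks FTP, or drops a remote-access tool is a more durable signal than any single sample artefact.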

External references