Red Asgard
The Fake Interview
The Fake Interview is a narrative security investigation about how a fake coding interview became a global credential-theft operation. Across the series, valh4x and Red Asgard Security Research trace a DPRK-linked, Lazarus-attributed campaign from malicious developer repositories to exposed command-and-control infrastructure, blockchain dead drops, malware payloads, operator mistakes, victim data, and the uncomfortable question every threat hunter eventually faces: who is watching whom? This show is built for security researchers, developers, threat intelligence teams, Web3 engineers, and anyo...
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
The Day It Became Access: How Fake Interviews Turn Developer Trust Into Attack Surface 18.06.2026 30:58
A fake interview does not become dangerous only when malware runs. In Episode 8 of The Fake Interview , we step back from the repository, the workstation, and the Google Mirror to look at the behavioral layer that made the campaign work: cooperation. The recruiter message, the plausible company, the broken call, the shared repository, the real browser, the login prompt, the screen share — none of...
The Google Mirror: Browser Trust as the Attack Surface 11.06.2026 26:45
Last episode, The Fake Interview followed OtterCookie inside the developer workstation. Episode 7 moves one step outward. The Google Mirror is about a different layer of the same operation: not the repository, not the payload, not the screenshot loop, but the trusted identity path around the machine. The investigation found infrastructure positioned to proxy Google services, with behavior specific...
OtterCookie: The Malware That Watched the Developer 06.06.2026 28:43
Every five seconds, OtterCookie took another look at the workstation. Episode 06 of The Fake Interview examines OtterCookie, a second-stage malware family associated with DPRK-linked Contagious Interview activity. Where earlier stages helped explain how fake technical interviews moved developers from conversation to code execution, OtterCookie shows what the operation wanted after the code was alr...
the FTP Server: How One Boring Label Hid a Second Layer of the Campaign 28.05.2026 34:14
Episode 05 focuses on how infrastructure can be misclassified during an active investigation. The server discussed here was initially understood through its FTP exfiltration role. Later evidence tied the same host to additional campaign-linked services, including OtterCookie-related collection behavior.
Eleven Hours: Inside the Lazarus Operator’s Disk After the Fake Interview Campaign 20.05.2026 25:40
A live adversary server. Two password changes. Eleven hours. Episode 04 follows the forensic window where researchers preserved a contested Windows machine used in a Lazarus-attributed fake-interview campaign, uncovering the operator workbench behind the lures: campaign archives, fake-company material, targeting pipelines, wallet artifacts, browser traces, and signs of AI-assisted workflow.
The Factory: How a Lazarus-Attributed Credential Pipeline Collected Its Own Operators 14.05.2026 31:15
Episode 3 focuses on the operator side of the campaign: - why the collection pipeline did not distinguish between targets and operators; - how operator workstations appeared in material collected by the campaign; - how those workstations exposed social-engineering workflow, persona infrastructure, testing behavior, provisioning activity, and command structure; - why OtterCookie should be understoo...
Trailer: The Fake Interview 07.05.2026 1:19
A fake coding interview. A malicious repository. A real developer workstation. The Fake Interview is a Red Asgard narrative investigation into a DPRK-linked, Lazarus-attributed campaign targeting developers, Web3 engineers, and freelance technologists through job offers, coding tests, and trust. Start with Episode 1: Real Blood on the Wire.
The Repository That Called Home: Lazarus, Fake Interviews, and Malicious Code 06.05.2026 24:23
Episode 2 of The Fake Interview follows the first repository: a fake software project delivered through a job interview that behaved like real work until the moment it called home. We examine how a malicious coding test abused normal developer behavior: opening a project, trusting a workspace, installing dependencies, running local code, and debugging what looked like a broken app. This episode co...
Real Blood on the Wire: How a Fake Coding Interview Exposed Lazarus Credential Theft 29.04.2026 25:41
In this episode of The Fake Interview, we investigate how a fake coding interview became a credential theft operation targeting software developers, Web3 engineers, and cryptocurrency workers. Topics covered: - Lazarus / DPRK-linked Contagious Interview activity - malicious coding tests - developer workstation compromise - credential theft - malware infrastructure - threat intelligence lessons for...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.