North Korea’s Famous Chollima group has significantly expanded the Contagious Interview campaign, embedding malicious code into widely-used npm and PyPI packages, including the popular axios library, to steal cryptocurrency wallets and source code from software developers. The operation now uses AI-generated commits to evade detection and a legitimate registered U.S. LLC as cover infrastructure, representing an increase in operational maturity. Organizations with developers working in Web3, Solana, or any project consuming the affected packages face direct risk of credential theft, source code exfiltration, and full system compromise across Windows, Linux, and macOS.