Illicit Microsoft Visual Studio Code projects have been harnessed by North Korean hackers to compromise software engineers in the cryptocurrency, fintech, and blockchain sectors with malware as part of the Contagious Interview campaign, The Hacker News reports.Opening and cloning the malicious Git repository via VS Code automates processing of the repository's tasks.json configuration file, leading to the execution of a background shell command fetching a JavaScript payload that was then connected to macOS systems' Node.js runtime, according to an analysis from Jamf Threat Labs. Included in the Vercel-hosted JavaScript payload is the primary backdoor logic enabling host information exfiltration and remote server communications for subsequent remote code execution and system fingerprinting activities.Such findings follow a Red Asgard report detailing the exploitation of a VS Code task configuration to facilitate the eventual deployment of the Tsunami backdoor, also known as TsunamiKit, and the XMRig cryptominer."This activity highlights the continued evolution of DPRK-linked threat actors, who consistently adapt their tooling and delivery mechanisms to integrate with legitimate developer workflows," said Jamf researchers.
Threat Intelligence, Supply chain
VS Code projects weaponized in developer-targeted Contagious Interview campaign

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



