
ONE Sentinel

Security/THREATS/HIGH

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

Source: The Hacker News
March 23, 2026

EXECUTIVE SUMMARY

North Korean Hackers Exploit VS Code to Deploy New StoatWaffle Malware

Summary

The article discusses a new tactic by North Korean threat actors, known as the Contagious Interview campaign or WaterPlum, to distribute the StoatWaffle malware using Microsoft Visual Studio Code (VS Code) projects. This method involves exploiting VS Code's "tasks.json" feature to deploy malware.

Key Points

  • The threat actors are associated with the Contagious Interview campaign, also known as WaterPlum.
  • They have developed a malware family called StoatWaffle.
  • The distribution method involves malicious VS Code projects.
  • The tactic uses the "tasks.json" file in VS Code to execute the malware.
  • This approach has been in use since December 2025.

Analysis

The exploitation of VS Code's "tasks.json" feature by North Korean hackers represents a significant evolution in malware distribution tactics. By leveraging a popular development tool like VS Code, the attackers can potentially reach a wide range of developers and IT professionals, increasing the risk of infection. This highlights the need for heightened security awareness and scrutiny of development environments.

Conclusion

IT professionals should be vigilant about the integrity of their development environments, especially when using tools like VS Code. Regularly updating software and scrutinizing project files for any unauthorized changes can help mitigate the risk of malware infections like StoatWaffle.
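One way to scrutinize project files before opening them, as an added example that is not from the article or its source: a scanner that walks a checkout and reports every `.vscode/tasks.json` task set to run when the folder opens. It assumes the auto-run mechanism is VS Code's `runOptions.runOn: "folderOpen"` setting (the summary names only "tasks.json"); the function names and the sample file are constructed for illustration.

```python
import json, os, re

_STR = r'"(?:\\.|[^"\\])*"'  # JSON string literal, preserved while stripping

def _strip(pattern, text):
    keep_strings = lambda m: m.group(0) if m.group(0)[0] == '"' else ""
    return re.sub(_STR + "|" + pattern, keep_strings, text, flags=re.S)

def parse_jsonc(text):
    """tasks.json allows comments and trailing commas; reduce to strict JSON."""
    text = _strip(r"//[^\n]*|/\*.*?\*/", text)
    return json.loads(_strip(r",(?=\s*[}\]])", text))

def auto_run_tasks(text):
    """Return (label, [commands]) per folder-open task, per-OS overrides included."""
    doc = parse_jsonc(text)
    hits = []
    for task in (doc.get("tasks") or []) if isinstance(doc, dict) else []:
        if (task.get("runOptions") or {}).get("runOn") != "folderOpen":
            continue
        blocks = [task] + [task.get(k) or {} for k in ("windows", "linux", "osx")]
        hits.append((task.get("label", "<unlabelled>"),
                     [b["command"] for b in blocks if b.get("command")]))
    return hits

def scan_tree(root):
    """Map each .vscode/tasks.json under root to its auto-run tasks."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != ".vscode" or "tasks.json" not in files:
            continue
        path = os.path.join(dirpath, "tasks.json")
        try:
            with open(path, encoding="utf-8") as fh:
                hits = auto_run_tasks(fh.read())
        except (OSError, ValueError, AttributeError) as exc:
            hits = [("<unparseable>", [str(exc)])]  # surface for manual review
        if hits:
            findings[path] = hits
    return findings

SAMPLE = r'''{  // constructed sample, not taken from the campaign
  "version": "2.0.0",
  "tasks": [
    { "label": "docs", "type": "shell", "command": "echo https://example.invalid/docs" },
    { "label": "env-check", "command": "node ./scripts/check.js", /* block comment */
      "runOptions": { "runOn": "folderOpen" }, },
  ]
}'''
```

A hit is a prompt to read the listed command before opening the folder in VS Code, not a verdict; legitimate projects use folder-open tasks too.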