
North Korea-Linked Threat Actors Abuse VS Code Auto-Run to Spread StoatWaffle Malware
North Korea-linked threat actors, specifically the group identified as Team 8, are abusing the auto-run feature in Microsoft Visual Studio Code (VS Code) to distribute the StoatWaffle malware. The attack uses malicious VS Code projects whose "tasks.json" configuration file causes code to execute automatically when the project folder is opened. The campaign, part of the broader "Contagious Interview" operation, has been active since late 2025. The malware is deployed through compromised development environments; no specific CVE IDs or additional technical indicators were mentioned. The primary impact is unauthorized code execution when a user interacts with a malicious project.
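
A defender-side check for the technique described above, as an added example that is not part of the original article: it parses the contents of a `.vscode/tasks.json` and reports every task whose `runOptions.runOn` is `folderOpen`, the VS Code task option that starts a task when the folder is opened. The function names and the sample file are constructed for illustration.

```python
import json

# Constructed sample (not from the article): one auto-run task, one ordinary task.
SAMPLE = '''{
  // "runOn": "folderOpen" inside a comment must not count
  "version": "2.0.0",
  "tasks": [
    {"label": "env", "command": "node ./setup.js", /* per-OS override: */
     "windows": {"command": "cmd /c setup.cmd"}, "runOptions": {"runOn": "folderOpen"}},
    {"label": "build", "command": "echo http://localhost:3000"}
  ]
}'''

def strip_jsonc_comments(text):
    """tasks.json is JSON-with-comments: drop // and /* */ outside of strings."""
    out, i, in_str = [], 0, False
    while i < len(text):
        ch = text[i]
        if in_str:
            step = 2 if ch == "\\" else 1      # copy an escape pair as one unit
            in_str = ch != '"'
        elif text.startswith("//", i):
            i = text.find("\n", i) if "\n" in text[i:] else len(text)
            continue
        elif text.startswith("/*", i):
            i = text.find("*/", i + 2) + 2 if "*/" in text[i + 2:] else len(text)
            continue
        else:
            step, in_str = 1, ch == '"'
        out.append(text[i:i + step])
        i += step
    return "".join(out)

def autorun_tasks(text):
    """Return (label, [commands]) for each task set to run when the folder opens."""
    def obj(v):
        return v if isinstance(v, dict) else {}
    try:
        doc = obj(json.loads(strip_jsonc_comments(text)))
    except json.JSONDecodeError:
        return [("<unparseable>", ["review manually"])]   # fail closed
    tasks = doc.get("tasks")
    hits = []
    for task in map(obj, tasks if isinstance(tasks, list) else []):
        if obj(task.get("runOptions")).get("runOn") == "folderOpen":
            # A task can carry a different command per operating system.
            variants = [task] + [obj(task.get(k)) for k in ("windows", "linux", "osx")]
            commands = [str(v["command"]) for v in variants if v.get("command")]
            hits.append((task.get("label", "<no label>"), commands))
    return hits
```

Run `autorun_tasks` over each `.vscode/tasks.json` in a freshly cloned repository before opening the folder in VS Code; any hit, including an unparseable file, warrants reading the listed commands first.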