North Korean Hackers Exploit VS Code for Malware Deployment

North Korean threat actors linked to the "Contagious Interview" campaign, also tracked as WaterPlum, have been attributed to deploying the StoatWaffle malware through malicious Microsoft Visual Studio Code (VS Code) projects. The attackers exploit VS Code’s "tasks.json" auto-run functionality, a tactic first observed in December 2025. This method represents a novel infection vector targeting developers and development environments. No specific CVE IDs or additional technical indicators were disclosed in the reported findings. The impact involves unauthorized malware deployment via compromised VS Code configurations.