Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Admin User

Administrator of InfoSecCenter. Passionate about cybersecurity, information security, and technology.

A sophisticated supply chain attack has emerged in the software development ecosystem, with researchers identifying hijacked npm and Go packages that leverage Visual Studio Code tasks to deploy a Python-based information stealer across multiple platforms. This novel approach demonstrates how threat actors continuously adapt their techniques to bypass security controls and exploit developer tools in unexpected ways.

The attack involves two compromised npm packages and a cluster of malicious Go packages that target developers and organizations utilizing these popular repositories. What makes this campaign particularly concerning is its cross-platform capability—successfully compromising Windows, Linux, and macOS systems with the same underlying infostealer payload. The attackers have demonstrated significant technical sophistication by avoiding traditional npm execution paths through lifecycle scripts, which are commonly monitored by security tools. Instead, they have ingeniously exploited VS Code tasks, a less scrutinized feature, to deliver their malicious code. This approach appears specifically designed to circumvent the security hardenings
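A defender-side check for the technique described above, as an added example that is not from the original article or the researchers: it audits `.vscode/tasks.json` files shipped inside a dependency tree. It assumes the settings worth flagging are VS Code's `runOptions.runOn: "folderOpen"` and a terminal panel that is never revealed; the article does not say which task settings the campaign used, and the sample input is constructed.

```python
import json
import re
from pathlib import Path

_STR = r'"(?:\\.|[^"\\])*"'  # a JSON string literal, left untouched by both passes
_COMMENT = re.compile(_STR + r"|//[^\n]*|/\*.*?\*/", re.S)
_TRAILING = re.compile(_STR + r"|,(?=\s*[}\]])")

def parse_jsonc(text):
    """tasks.json is JSONC: drop comments and trailing commas, keep strings intact."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return json.loads(_TRAILING.sub(keep, _COMMENT.sub(keep, text)))

def audit_tasks(doc):
    """Return (label, reason, commands) for each task that deserves a manual look."""
    findings = []
    for task in (t for t in doc.get("tasks", []) if isinstance(t, dict)):
        # Per-OS overrides can carry a different command than the top-level one.
        scopes = [task] + [task.get(k) for k in ("windows", "linux", "osx")]
        cmds = [" ".join(map(str, [s["command"], *s.get("args", [])]))
                for s in scopes if isinstance(s, dict) and "command" in s]
        label = task.get("label", "<unlabelled>")
        opt = lambda sec: task.get(sec) if isinstance(task.get(sec), dict) else {}
        if opt("runOptions").get("runOn") == "folderOpen":  # assumed indicator
            findings.append((label, "runs on folder open", cmds))
        if opt("presentation").get("reveal") in ("never", "silent"):  # assumed indicator
            findings.append((label, "terminal panel not revealed", cmds))
    return findings

def scan_tree(root):
    """Audit every .vscode/tasks.json under root, e.g. node_modules or a Go module cache."""
    report = {}
    for path in Path(root).rglob(".vscode/tasks.json"):
        try:
            doc = parse_jsonc(path.read_text(encoding="utf-8", errors="replace"))
            hits = audit_tasks(doc) if isinstance(doc, dict) else []
        except (ValueError, TypeError) as exc:
            hits = [("<file>", f"unparseable or malformed: {exc}", [])]
        if hits:
            report[str(path)] = hits
    return report

# Constructed input for illustration; names and paths are made up.
SAMPLE = """{
  // constructed sample, not taken from any real package
  "tasks": [
    {"label": "build", "command": "npm", "args": ["run", "build"], "detail": "see https://example.invalid/build"},
    {"label": "prepare", "command": "node", "args": ["scripts/env-check.js"], "windows": {"command": "scripts/env-check.cmd"},
     "runOptions": {"runOn": "folderOpen"}, "presentation": {"reveal": "never"},},
  ]}"""
```

Run `scan_tree("node_modules")` from a project root; a dependency that ships its own `.vscode/tasks.json` is unusual enough to review even when no rule fires.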
