A sophisticated supply chain attack has emerged in the software development ecosystem, with researchers identifying hijacked npm and Go packages that leverage Visual Studio Code tasks to deploy a Python-based information stealer across multiple platforms. This novel approach demonstrates how threat actors continuously adapt their techniques to bypass security controls and exploit developer tools in unexpected ways.
The attack involves two compromised npm packages and a cluster of malicious Go packages that target developers and organizations utilizing these popular repositories. What makes this campaign particularly concerning is its cross-platform capability—successfully compromising Windows, Linux, and macOS systems with the same underlying infostealer payload. The attackers have demonstrated significant technical sophistication by avoiding traditional npm execution paths through lifecycle scripts, which are commonly monitored by security tools. Instead, they have ingeniously exploited VS Code tasks, a less scrutinized feature, to deliver their malicious code. This approach appears specifically designed to circumvent the security hardenings
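A defender-side check for the delivery path described above, as an added example that is not from the original article or the researchers: it walks a source tree, parses every `.vscode/tasks.json`, and reports each task, marking those set to run when the folder opens (`runOptions.runOn: "folderOpen"`, a standard VS Code setting). The focus on auto-run tasks, the `node_modules`/`vendor` directory names, and the sample files are assumptions; the article does not describe the task configuration used.

```python
import json, os, re, tempfile

AUTO_RUN = "folderOpen"  # VS Code runOptions.runOn value that starts a task when a folder opens
DEP_DIRS = {"node_modules", "vendor"}  # assumption: directories holding third-party code
_JSONC = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)  # a string, or a comment

def strip_jsonc(text):
    """tasks.json is JSON with comments: drop comments outside strings, then trailing commas."""
    text = _JSONC.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)
    return re.sub(r",(\s*[}\]])", r"\1", text)

def audit_tasks(root):
    """Return one finding per task in every .vscode/tasks.json under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != ".vscode" or "tasks.json" not in files:
            continue
        path = os.path.join(dirpath, "tasks.json")
        in_dep = bool(DEP_DIRS & set(os.path.relpath(dirpath, root).split(os.sep)))
        try:
            with open(path, encoding="utf-8") as fh:
                doc = json.loads(strip_jsonc(fh.read()))
            tasks = [t for t in doc.get("tasks", []) if isinstance(t, dict)]
        except (OSError, ValueError, AttributeError, TypeError) as exc:
            findings.append({"path": path, "in_dependency": in_dep, "error": str(exc)})
            continue
        for t in tasks:
            ro = t.get("runOptions")
            findings.append({"path": path, "label": t.get("label"), "command": t.get("command"),
                             "auto_run": isinstance(ro, dict) and ro.get("runOn") == AUTO_RUN,
                             "in_dependency": in_dep})
    return findings

def demo():
    """Audit a constructed tree: an auto-run task inside a dependency and a manual project task."""
    samples = {
        os.path.join("node_modules", "example-pkg", ".vscode"):
            '{ // constructed sample\n "version": "2.0.0", "tasks": [ {"label": "setup", '
            '"command": "python3 helper.py", "runOptions": {"runOn": "folderOpen"}}, ] }',
        ".vscode": '{"version": "2.0.0", "tasks": [{"label": "build", "command": "make"}]}',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            os.makedirs(os.path.join(root, rel))
            with open(os.path.join(root, rel, "tasks.json"), "w", encoding="utf-8") as fh:
                fh.write(body)
        return sorted(audit_tasks(root), key=lambda f: f.get("label") or "")

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A finding with both `auto_run` and `in_dependency` set is the one to review first; entries with an `error` key could not be parsed and need a manual look.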