The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been linked to a malware family tracked as StoatWaffle that is distributed via malicious Microsoft Visual Studio Code (VS Code) projects.
The use of VS Code “tasks.json” to distribute malware is a relatively new tactic the threat actor has employed since December 2025. The attacks leverage the “runOn: folderOpen” option so that the malicious task executes automatically every time the project folder is opened in VS Code.
“This task is configured so that it downloads data from a web application on Vercel regardless of executing OS [operating system],” NTT Security said in a report published last week. “Though we assume that the executing OS is Windows in this article, the essential behaviors are the same for any OS.”
The downloaded payload first checks whether Node.js is installed in the executing environment. If it’s absent, the malware downloads Node.js from the official website and installs it. Subsequently, it proceeds to launch a downloader, which periodically polls an external server to fetch a next-stage downloader that exhibits identical behavior by reaching out to another endpoint on the same server and executing the received response as Node.js code.
StoatWaffle has been found to deliver two different modules –
- A stealer that captures credentials and extension data stored in web browsers (Chromium-based browsers and Mozilla Firefox) and uploads them to a command-and-control (C2) server. If the compromised system runs on macOS, it also steals the iCloud Keychain database.
- A remote access trojan (RAT) that communicates with the C2 server to fetch and execute commands on the infected host. The commands allow the malware to change the current working directory, enumerate files and directories, execute Node.js code, upload files, recursively search a given directory and list or upload files matching a certain keyword, run shell commands, and terminate itself.

“StoatWaffle is a modular malware implemented by Node.js, and it has Stealer and RAT modules,” the Japanese security vendor said. “WaterPlum is continuously developing new malware and updating existing ones.”
The development coincides with various campaigns mounted by the threat actor targeting the open-source ecosystem –
- A set of malicious npm packages that distribute the PylangGhost malware, marking the first time the malware has been propagated via npm packages.
- A campaign known as PolinRider has implanted a malicious obfuscated JavaScript payload in hundreds of public GitHub repositories that culminates in the deployment of a new version of BeaverTail, a known stealer and downloader malware attributed to Contagious Interview.
- Among the compromises are four repositories belonging to the Neutralinojs GitHub organization. The attack is said to have compromised the GitHub account of a long-time neutralinojs contributor with organization-level write access to force-push JavaScript code that retrieves encrypted payloads in Tron, Aptos, and Binance Smart Chain (BSC) transactions to download and run BeaverTail. The victims are believed to have been infected via a malicious VS Code extension or an npm package.
Microsoft, in an analysis of Contagious Interview this month, said the threat actors achieve initial access to developer systems through “convincingly staged recruitment processes” that mirror legitimate technical interviews, ultimately persuading victims into running malicious commands or packages hosted on GitHub, GitLab, or Bitbucket as part of the assessment.
In some cases, targets are approached on LinkedIn. However, the individuals chosen for this social engineering attack are not junior developers, but rather founders, CTOs, and senior engineers in the cryptocurrency or Web3 sector, who are likely to have elevated access to the company’s tech infrastructure and cryptocurrency wallets. A recent incident involved the attackers unsuccessfully targeting the founder of AllSecure.io via a fake job interview.

Some of the key malware families deployed as part of these attack chains include OtterCookie (a backdoor capable of extensive data theft), InvisibleFerret (a Python-based backdoor), and FlexibleFerret (a modular backdoor implemented in both Go and Python). While InvisibleFerret is known to be typically delivered via BeaverTail, recent intrusions have been found to distribute the malware as a follow-on payload, after leveraging initial access obtained through OtterCookie.
It’s worth mentioning here that FlexibleFerret is also referred to as WeaselStore. Its Go and Python variants go by the monikers GolangGhost and PylangGhost, respectively.
In a sign that the threat actors are actively refining their tradecraft, newer mutations of the VS Code projects have eschewed Vercel-based domains for GitHub Gist-hosted scripts to download and execute next-stage payloads that ultimately lead to the deployment of FlexibleFerret. These VS Code projects are staged on GitHub.
“By embedding targeted malware delivery directly into interview tools, coding exercises, and assessment workflows developers inherently trust, threat actors exploit the trust job seekers place in the hiring process during periods of high motivation and time pressure, lowering suspicion and resistance,” the tech giant said.
In response to the ongoing abuse of VS Code Tasks, Microsoft shipped a mitigation in the January 2026 update (version 1.109) that changes the “task.allowAutomaticTasks” setting to default to “off”, so that tasks defined in “tasks.json” no longer run automatically when a workspace is opened unless the user explicitly opts in.
“The update also prevents the setting from being defined at the workspace level, so malicious repositories with their own .vscode/settings.json file should not be able to override the user (global) setting,” Abstract Security said.
“This version and the recent February 2026 (version 1.110) release also introduce a secondary prompt that warns the user when an auto-run task is detected in a newly opened workspace. This acts as an additional guard after a user accepts the Workspace Trust prompt.”
In recent months, North Korean threat actors have also been engaging in a coordinated malware campaign targeting cryptocurrency professionals through LinkedIn social engineering, fake venture capital firms, and fraudulent video conferencing links. The activity shares overlap with clusters tracked as GhostCall and UNC1069.
“The attack chain culminates in a ClickFix-style fake CAPTCHA page that tricks victims into executing clipboard-injected commands in their Terminal,” MacPaw’s Moonlock Lab said. “The campaign is cross-platform by design, delivering tailored payloads for both macOS and Windows.”
The findings come as the U.S. Department of Justice (DoJ) announced the sentencing of three men — Audricus Phagnasay, 25, Jason Salazar, 30, and Alexander Paul Travis, 35 — for their roles in furthering North Korea’s fraudulent information technology (IT) worker scheme in violation of international sanctions. All three individuals previously pleaded guilty in November 2025.
Phagnasay and Salazar were both sentenced to three years of probation and a $2,000 fine. They were also ordered to forfeit the illicit proceeds gained by participating in the wire fraud conspiracy. Travis was sentenced to one year in prison and ordered to forfeit $193,265, the amount earned by North Koreans by using his identity.
“These men practically gave the keys to the online kingdom to likely North Korean overseas technology workers seeking to raise illicit revenue for the North Korean government — all in return for what to them seemed like easy money,” Margaret Heap, U.S. attorney for the Southern District of Georgia, said in a statement.
Last week, Flare and IBM X-Force published a detailed look at the IT worker operation and its internal structure, while highlighting how IT workers attend prestigious universities in North Korea and go through a rigorous interview process themselves before joining the scheme.
They are “considered elite members of North Korean society and have become an indispensable part of the overall North Korean government’s strategic objectives,” the companies noted. “These objectives include, but are not limited to, revenue generation, remote employment activity, theft of corporate and proprietary information, extortion, and providing support to other North Korean groups.”
