North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

Overview

The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code "tasks.json" to distribute malware is a relatively new tactic adopted by the threat actor since December 2025, with the attacks

Organisations Involved

The following organisations are mentioned in relation to this incident: Code Auto, Contagious Interview, Malware
The North Korean, Microsoft, Microsoft Visual Studio Code, North Korean Hackers Abuse.

Multi-Source Coverage

This event has been reported across multiple outlets:

• North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware — thehackernews

Sources: thehackernews. Aggregated by Cybernews Agency pipeline.