StoatWaffle Malware
A North Korean threat cluster, tracked as Contagious Interview and also known as WaterPlum, has been linked to a sophisticated malware family called StoatWaffle. This campaign specifically targets developers by weaponizing malicious Microsoft Visual Studio Code (VS Code) projects, signaling a dangerous evolution in supply chain attacks within the software development ecosystem.
Weaponizing VS Code: The Abuse of tasks.json
A notable innovation in this campaign is the exploitation of VS Code's tasks.json configuration file. Since December 2025, attackers have leveraged the 'runOn: folderOpen' setting to automatically execute malicious tasks whenever a project folder is opened.
This technique ensures consistent execution without requiring any user interaction beyond opening the folder. The malicious task retrieves payloads from a remote web application hosted on Vercel, and the task definition itself is independent of the underlying operating system. Although analysis environments often focus on Windows, the attack logic remains consistent across platforms.
Multi-Stage Payload Delivery via Node.js
Once executed, the malware initiates a structured, multi-stage infection process:
- The payload verifies whether Node.js is installed on the host system.
- If absent, Node.js is downloaded from its official source and installed silently.
- A downloader component is launched, periodically contacting a remote server.
- This downloader retrieves additional payloads, which execute as Node.js code and continue the infection chain through successive stages.
This layered approach enhances persistence and complicates detection by security tools.
Inside StoatWaffle: Modular Malware Capabilities
StoatWaffle is designed as a modular framework built on Node.js, enabling flexible deployment of multiple malicious components. Its primary modules include:
Credential Stealer: Extracts sensitive data from Chromium-based browsers and Mozilla Firefox, including saved credentials and extension data. On macOS systems, it also targets the iCloud Keychain database. All harvested data is exfiltrated to a Command-and-Control (C2) server.
Remote Access Trojan (RAT): Establishes persistent communication with the C2 server, allowing attackers to execute commands remotely. Capabilities include file system navigation, command execution, file upload, keyword-based file searches, and self-termination.
Expanding the Attack Surface: Open-Source Ecosystem Exploitation
The campaign aligns with a broader pattern of attacks targeting open-source platforms and developer workflows. Notable operations include:
- Distribution of PylangGhost, a Python-based backdoor, via malicious npm packages, marking its first observed propagation through this channel.
- The PolinRider campaign, which injected obfuscated JavaScript into hundreds of GitHub repositories, leading to the deployment of an updated BeaverTail malware variant.
- Compromise of repositories within the Neutralinojs GitHub organization by hijacking a contributor account with elevated privileges. Malicious code was force-pushed to retrieve encrypted payloads embedded in blockchain transactions across Tron, Aptos, and Binance Smart Chain networks.
Victims in these scenarios were often infected through compromised VS Code extensions or malicious npm packages.
Social Engineering Tactics: Fake Interviews and Developer Targeting
Initial access is frequently achieved through highly convincing recruitment scams. Attackers simulate legitimate technical interview processes, persuading targets to execute malicious code hosted on platforms such as GitHub, GitLab, or Bitbucket.
The targeting strategy focuses on high-value individuals, including founders, CTOs, and senior engineers in cryptocurrency and Web3 sectors. These roles often provide access to critical infrastructure and digital assets. In one documented case, an attempted attack targeted the founder of AllSecure.io using a fabricated job interview scenario.
To enhance credibility, attackers create fake company profiles on LinkedIn and maintain seemingly legitimate GitHub accounts. Additional techniques include the use of ClickFix, a social engineering method that disguises malware delivery as skill assessment tasks.
Strategic Objectives: Beyond Cryptocurrency Theft
Although cryptocurrency theft appears to be a primary motivation, the broader intent extends to supply chain compromise and corporate espionage. By infiltrating developer environments, attackers gain opportunities to propagate malicious code into downstream software projects or access sensitive organizational data.
Strengthening VS Code Security
In response to the abuse of VS Code tasks, Microsoft introduced critical security enhancements:
- The January 2026 update (version 1.109) introduced the task.allowAutomaticTasks setting, which is disabled by default to prevent automatic execution of tasks defined in tasks.json.
- This setting cannot be overridden at the workspace level, preventing malicious repositories from bypassing user-defined security preferences.
- Subsequent updates, including version 1.110 released in February 2026, added a secondary warning prompt when auto-run tasks are detected in newly opened workspaces, reinforcing user awareness even after Workspace Trust is granted.
Conclusion: A Growing Threat to Developer Security
The StoatWaffle campaign highlights a significant shift in attacker strategy, focusing on development environments and trusted workflows. By combining technical exploitation with advanced social engineering, threat actors continue to blur the line between legitimate and malicious activity, emphasizing the need for heightened vigilance across the software development lifecycle.