The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code "tasks.json" to distribute malware is a relatively new tactic adopted by the threat actor since December 2025, with the attacks
![]()
source https://thehackernews.com/2026/03/north-korean-hackers-abuse-vs-code-auto.html
source https://thehackernews.com/2026/03/north-korean-hackers-abuse-vs-code-auto.html