Full Report
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain 'compatible' with npm v12's security hardenings," JFrog said in a
Analysis Summary
# Tool/Technique: VS Code Task Injection & InvisibleFerret
## Overview
This attack involves a sophisticated supply chain compromise where malicious npm and Go packages leverage a hidden "auto-run" feature in Visual Studio Code (VS Code) to execute malware. By using VS Code tasks instead of traditional npm lifecycle scripts, the attackers bypass common security hardenings. The primary goal is the deployment of **InvisibleFerret**, a multi-platform Python information stealer and backdoor targeting developers.
## Technical Details
- **Type:** Malware family (InvisibleFerret) / Supply Chain Technique (VS Code Task Injection)
- **Platform:** Windows, Linux, macOS
- **Capabilities:** Credential theft, cryptocurrency wallet hijacking, developer artifact harvesting, and remote shell access.
- **First Seen:** Activity reported in May 2026 (building on campaigns dating back to 2023).
## MITRE ATT&CK Mapping
- **[TA0001 - Initial Access]**
- [T1195.001 - Supply Chain Compromise: Compromise Software Dependencies]
- **[TA0002 - Execution]**
- [T1059.006 - Command and Scripting Interpreter: Python]
- [T1564.001 - Hide Artifacts: Hidden Files and Directories]
- **[TA0011 - Command and Control]**
- [T1102.001 - Web Service: Dead Drop Resolver]
- [T1071.001 - Application Layer Protocol: Web Protocols]
- **[TA0009 - Collection]**
- [T1539 - Steal Web Session Cookie]
- [T1555 - Credentials from Web Browsers]
## Functionality
### Core Capabilities
- **Execution via IDE:** Uses `.vscode/tasks.json` with the `runOn: folderOpen` attribute to trigger code execution when a developer opens the project folder.
- **Dead Drop Resolvers:** Fetches encrypted payload locations from blockchain transactions (TronGrid and Aptos) to ensure the C2 infrastructure is resilient against takedowns.
- **Payload Masquerading:** Disguises JavaScript code as font files (e.g., `.woff2`) to evade basic file-type scanners.
### Advanced Features
- **Comprehensive Data Theft:** Specifically targets developer-centric data including Git credentials, GitHub CLI configs, VS Code global storage, and cloud storage metadata (Dropbox, iCloud, etc.).
- **Socket.io Backdoor:** Establishes a persistent, interactive connection allowing the attacker to perform real-time actions like clipboard harvesting and process management.
- **Cross-Platform Compatibility:** The Python-based infostealer is designed to identify the host OS and interact with platform-specific credential stores (macOS Keychain, Linux Secret Service, Windows Credential Manager).
## Indicators of Compromise
- **File Names:**
- `public/fonts/fa-solid-400.woff2` (Malicious JS disguised as a font)
- `.vscode/tasks.json` (Containing the "eslint-check" task)
- **Malicious Packages:**
- npm: `html-to-gutenberg`, `fetch-page-assets`
- **Network Indicators:**
- [defanged] hxxps://api.trongrid[.]io
- [defanged] hxxps://fullnode.mainnet.aptoslabs[.]com
- **Behavioral Indicators:**
- VS Code launching unexpected shell processes immediately upon opening a workspace.
- Python processes accessing sensitive directories like `~/.ssh`, `~/.config/github-copilot`, or browser profile folders.
## Associated Threat Actors
- **Fake Font / Contagious Interview:** Linked to North Korean-aligned activity (DPRK) specifically targeting software developers and technical personnel.
## Detection Methods
- **Behavioral Detection:** Monitor for instances where `code.exe` (or the VS Code binary) spawns child processes that execute obfuscated scripts or access credential stores.
- **File Integrity Monitoring:** Scan for hidden `.vscode` directories in downloaded dependencies and alert on tasks configured with `runOn: folderOpen`.
- **YARA Rules:** Search for strings related to TronGrid API calls or specific Socket.io connection patterns inside non-executable files like `.woff2`.
## Mitigation Strategies
- **IDE Hardening:** Disable automatic task execution in VS Code settings (`task.allowAutomaticTasks: "off"`).
- **Workspace Trust:** Never grant "Trusted" status to folders downloaded from untrusted or unverified package maintainers.
- **Dependency Auditing:** Use tools to inspect upstream dependencies for unusual files or hidden directories before integration.
- **Network Filtering:** Block or monitor traffic to known blockchain API gateways unless required for legitimate business operations.
## Related Tools/Techniques
- **Contagious Interview Campaign:** A long-running social engineering operation targeting developers.
- **InvisibleFerret:** The specific Python backdoor used in the final stage of this infection chain.