North Korean hackers target Microsoft Virtual Studio Code

• Lazarus group’s Contagious Interview campaign abuses Visual Studio Code via malicious Git repositories
• Attackers deliver JavaScript payloads on macOS, enabling persistent data harvesting and C2 communication
• Jamf urges enabling advanced threat controls and caution with untrusted repositories

As part of the infamous Contagious Interview campaign, North Korean threat actors were seen abusing legitimate Microsoft Visual Studio Code in their attacks.

Contagious Interview is a hacking campaign in which the Lazarus group (and other state-sponsored North Korean actors) create fake jobs and invite software and blockchain developers in Western countries for interviews.

During the interview process, they trick the victims into deploying malware on their devices, granting the attackers unabated access to their computers, as well as their current employers’ networks.