Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
NEWS

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Attackers poisoned at least 18 npm and Go packages with a novel technique: hiding malware in .vscode/tasks.json auto-run tasks, bypassing npm v12's...

Dylan H.

News Desk

June 29, 2026
4 min read

Security researchers at JFrog and Nextron Research have uncovered a supply chain campaign that weaponizes VS Code's workspace task runner to bypass npm's lifecycle script security controls. At least 18 poisoned packages — spanning npm and Go — were observed delivering a Python infostealer capable of exfiltrating credentials, crypto wallets, and cloud storage tokens across Windows, Linux, and macOS.

The Novel Bypass Technique

npm v12 introduced hardened restrictions on lifecycle scripts (preinstall, postinstall, install) that had long been abused for malicious code execution during package installation. This campaign sidesteps that defence entirely by embedding malware in a .vscode/tasks.json file that declares an auto-run task.

When a developer opens the compromised project folder in VS Code, the editor automatically executes the declared task — no npm install step required, and no lifecycle hook policy blocks it.

VS Code v1.109 (January 2026) introduced "task.allowAutomaticTasks": "off" as a default setting to address this attack class, and v1.110 (February 2026) added a secondary prompt warning when auto-run tasks are detected in newly opened workspaces. Older VS Code installations remain fully exposed.

Affected Packages

JFrog identified two malicious npm packages uploaded on May 25, 2026 (since removed from the registry):

  • html-to-gutenberg v4.2.11
  • fetch-page-assets v1.2.9

Nextron Research independently identified 16 additional Go packages where attackers had injected malware into the latest release of otherwise-legitimate modules.

Attack Chain

Once the VS Code task fires, the malware executes the following sequence:

  1. Blockchain dead-drop C2: Retrieves encrypted JavaScript payload from a blockchain transaction — a technique that makes the C2 channel difficult to block via domain or IP filtering.
  2. Socket.io backdoor: Establishes a persistent reverse channel to attacker infrastructure.
  3. Python infostealer download and execution: Fetches and runs the main stealer payload.

The Python stealer optionally exfiltrates stolen data both to the C2 server and to a Telegram bot channel.

What the Infostealer Targets

The payload is comprehensive in scope:

  • Browser credentials: Chromium and Firefox saved passwords, cookies, and session tokens
  • Password managers: Vault data from popular cross-platform managers
  • Authenticator apps: TOTP seed exports where accessible
  • Crypto wallets: Browser extension wallets and desktop wallet files
  • Developer credentials: Git config (username/email/tokens), GitHub CLI (~/.config/gh), GitHub Desktop session tokens
  • VS Code artifacts: Global storage, settings sync tokens, extension authentication
  • OS credential stores: Windows Credential Manager, Linux Secret Service (libsecret/GNOME Keyring), macOS Keychain
  • Cloud storage metadata: Dropbox, Google Drive, OneDrive, iCloud, Box, Mega, pCloud — OAuth tokens and sync configs

All harvested data is ZIPped and exfiltrated before the process cleans up after itself.

Who Is at Risk

Any developer who:

  • Clones or opens an affected package's repository directly in VS Code (rather than consuming it as a dependency)
  • Runs a VS Code version older than 1.109
  • Has "task.allowAutomaticTasks" set to anything other than "off"

The attack is particularly dangerous in CI/CD pipelines where repositories are checked out and opened programmatically, and in monorepo setups where a compromised transitive dependency's source tree might be present.

Recommended Actions

  1. Update VS Code to at least v1.109 and verify "task.allowAutomaticTasks" is set to "off" in your user settings.
  2. Audit .vscode/tasks.json files in any repository you didn't author — look for tasks with "runOn": "folderOpen" or shell commands that fetch and execute remote content.
  3. Scan Go modules with tools like govulncheck or Nextron's findings list for affected module paths.
  4. Check for Compromise: If you opened an affected package before the removal date (May 25, 2026 onward), rotate all developer credentials, git tokens, crypto wallet keys, and browser session cookies immediately.
  5. Restrict npm registry access in CI: use lockfiles, integrity hashes, and private mirrors that snapshot approved versions.
#Supply Chain#Malware#npm#Infostealer#VS Code#Windows#Linux

Related Articles

Critical SimpleHelp Flaw Exploited to Deploy Djinn Infostealer

Hackers are actively exploiting CVE-2026-48558 in SimpleHelp remote support software to deploy Djinn Stealer, a previously undocumented cross-platform...

5 min read

IronWorm and New Miasma Worm Variant Hit npm in Coordinated Supply Chain Attacks

Two distinct malware campaigns have hit the npm ecosystem simultaneously — IronWorm deploys a Rust-based infostealer via 50+ poisoned packages, while a new…

5 min read

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Researchers have uncovered four malicious npm packages embedding infostealer malware and a Phantom Bot DDoS payload — one of which is a direct clone of...

5 min read
Back to all News