Mar 24, 2026 · 5 min read
Opening This VS Code Project Installs North Korean Malware—No Click Required
The North Korean threat group WaterPlum is distributing a new malware family called StoatWaffle through malicious Visual Studio Code projects. The attack exploits VS Code's auto-run task feature to execute code the moment you open a project folder.
The Attack: Open a Folder, Lose Your Passwords
Visual Studio Code supports a feature called "tasks" that automate routine development workflows like building code, running tests, or deploying applications. Tasks are defined in a .vscode/tasks.json file inside a project folder. One configuration option, runOn: folderOpen, tells VS Code to execute the task automatically when the project is opened.
WaterPlum, also tracked as Contagious Interview, is exploiting this feature to distribute StoatWaffle. The group creates convincing-looking GitHub repositories or sends project files to targets through fake job interviews on LinkedIn. When the victim opens the project in VS Code, the malicious task executes immediately, with no additional clicks, prompts, or warnings required.
What StoatWaffle Steals
The malware first checks if Node.js is installed on the victim's machine. If it is not, StoatWaffle downloads and installs it from official sources to avoid triggering security alerts. Once Node.js is available, the malware launches a downloader that polls external Vercel-hosted servers for additional payloads.
StoatWaffle delivers two modular components:
- Stealer module: Extracts saved passwords, cookies, and browser extension data from every Chromium-based browser (Chrome, Edge, Brave, Arc) and Firefox. On macOS, it also targets the iCloud Keychain, giving attackers access to credentials synchronized across all Apple devices.
- Remote access module: Provides the attacker with persistent access including directory traversal, file operations, shell command execution, and the ability to self-terminate to avoid detection.
The combination means that within seconds of opening a malicious project, the attacker has your browser passwords, session cookies, cryptocurrency wallet extensions, and a backdoor into your machine.
Who Is WaterPlum
WaterPlum, also known as Contagious Interview, is a North Korean threat group that has been targeting software developers and cryptocurrency professionals since at least 2023. The group's primary tactic is social engineering through fake job interviews. They contact developers on LinkedIn, pitch a lucrative job opportunity, and ask the candidate to complete a "coding challenge" that requires opening a project in VS Code or running an npm package.
The StoatWaffle campaign is not the group's only operation. WaterPlum simultaneously maintains malicious npm packages, compromised GitHub organizations including Neutralinojs, and social engineering campaigns targeting cryptocurrency sector leaders. The revenue generated from stolen cryptocurrency is believed to fund North Korea's weapons programs.
Microsoft's Fix and Its Limits
Microsoft addressed the auto-run task vector in VS Code version 1.109, released in January 2026. The update changed the default value of task.allowAutomaticTasks from "on" to "off" and added workspace-level override prevention, meaning a malicious project can no longer force the setting back on.
However, this only protects developers who have updated to version 1.109 or later. Anyone running an older version of VS Code remains vulnerable. Additionally, the fix only addresses the auto-run vector. WaterPlum has multiple other distribution methods, including malicious npm packages and direct social engineering, that do not depend on VS Code's task system.
A Growing Pattern of Developer-Targeted Attacks
StoatWaffle is part of a broader trend of attacks targeting software developers through their tools and supply chains. In recent months, attackers have used compromised Chrome extensions to steal corporate credentials, trojanized IDE extensions to deploy blockchain-based malware, and even turned the popular Trivy security scanner into a malware distribution vector.
Developers are high value targets because they typically have access to source code repositories, cloud infrastructure credentials, API keys, and production deployment pipelines. Compromising a single developer can give an attacker access to an entire organization's codebase and infrastructure. A separate campaign is now flooding GitHub Discussions with fake VS Code security alerts that install malware when developers click the bogus patch.
How to Protect Yourself
If you are a developer using VS Code:
- Update VS Code to version 1.109 or later. This disables automatic task execution by default and prevents malicious projects from overriding the setting.
- Inspect .vscode/tasks.json before opening any project. Look for runOn: folderOpen in any task configuration. Legitimate projects rarely need this setting.
- Be skeptical of coding challenges from recruiters. If a job opportunity requires you to clone and run a project, review the code thoroughly before opening it. Verify the recruiter's identity independently through the company's official channels.
- Use separate browser profiles for development. Keep your personal passwords and cryptocurrency wallets in a browser profile that is not active during development work.
- Enable two-factor authentication everywhere. Even if an infostealer captures your passwords, 2FA can prevent account takeover for services that support hardware security keys.
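The tasks.json inspection step above can be done programmatically. The following Python script is an added example written for this article (it is not code from the article, from Microsoft, or from any vendor tooling). It parses the JSON-with-comments form that VS Code accepts for .vscode/tasks.json, reports every task whose runOptions.runOn is "folderOpen" (the option described in the section on the attack) together with what it would execute, and checks whether a settings.json explicitly sets task.allowAutomaticTasks to "on" (the setting Microsoft changed in 1.109). The embedded tasks.json and settings.json samples are constructed for the demonstration, and the helper names are the example's own.

```python
"""Flag VS Code tasks that run automatically when a folder is opened.

Added example for this article, not code from the article or any vendor.
It reads .vscode/tasks.json in the JSON-with-comments form VS Code accepts,
reports tasks whose runOptions.runOn is "folderOpen", and checks whether a
settings.json explicitly sets task.allowAutomaticTasks to "on".
"""
import json
import re
import sys
from pathlib import Path

# Both patterns match JSON strings first so that comment-like text or commas
# inside string values (URLs such as "https://x//y") are left untouched.
_COMMENTS = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.DOTALL)
_TRAILING_COMMA = re.compile(r'"(?:\\.|[^"\\])*"|,(\s*[}\]])')


def jsonc_loads(text: str):
    """Parse VS Code's JSON-with-comments (comments and trailing commas allowed)."""
    text = _COMMENTS.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)
    text = _TRAILING_COMMA.sub(lambda m: m.group(0) if m.group(0).startswith('"') else m.group(1), text)
    return json.loads(text)


def _commands(task: dict) -> dict:
    """Command per platform: VS Code lets windows/osx/linux blocks override it."""
    out = {"default": task.get("command")}
    for os_key in ("windows", "osx", "linux"):
        override = task.get(os_key)
        if isinstance(override, dict) and "command" in override:
            out[os_key] = override["command"]
    return out


def auto_run_tasks(tasks_json: dict) -> list:
    """Return the tasks configured to run on folder open, with what they execute."""
    hits = []
    for task in tasks_json.get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            hits.append({
                "label": task.get("label", "<unlabelled>"),
                "type": task.get("type"),
                "commands": _commands(task),
                "args": task.get("args", []),
                # presentation.reveal == "never" keeps the terminal panel closed,
                # so the task's output is not shown to the user; worth reporting.
                "hidden": (task.get("presentation") or {}).get("reveal") == "never",
            })
    return hits


def scan_workspace(root: Path) -> list:
    """Inspect <root>/.vscode/tasks.json; an empty list means nothing auto-runs."""
    tasks_file = root / ".vscode" / "tasks.json"
    if not tasks_file.is_file():
        return []
    return auto_run_tasks(jsonc_loads(tasks_file.read_text(encoding="utf-8")))


def automatic_tasks_allowed(settings: dict) -> bool:
    """True only if task.allowAutomaticTasks is explicitly "on" (1.109+ defaults to "off")."""
    return settings.get("task.allowAutomaticTasks") == "on"


# Constructed sample tasks.json: one ordinary build task and one task that
# would start as soon as the folder is opened. Not a real campaign artefact.
SAMPLE_TASKS_JSON = r'''{
  // comments and trailing commas are legal in VS Code's tasks.json
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "npm", "script": "build", "group": "build", },
    {
      "label": "postinstall",
      "type": "shell",
      "command": "node",
      "args": ["./scripts/setup.js"],
      "presentation": { "reveal": "never" },
      "runOptions": { "runOn": "folderOpen" },
    },
  ],
}'''

# Constructed sample user settings.json with the hardened value from the article.
SAMPLE_SETTINGS_JSON = '{ "task.allowAutomaticTasks": "off", /* hardened */ }'


if __name__ == "__main__":
    # Usage: python check_tasks.py [workspace-dir ...]  (defaults to the current dir)
    roots = [Path(p) for p in sys.argv[1:]] or [Path(".")]
    for root in roots:
        for hit in scan_workspace(root):
            print(f"{root}: task {hit['label']!r} runs on folderOpen -> {hit['commands']} {hit['args']}")
    for hit in auto_run_tasks(jsonc_loads(SAMPLE_TASKS_JSON)):
        print("sample:", hit)
    print("sample settings allow automatic tasks:", automatic_tasks_allowed(jsonc_loads(SAMPLE_SETTINGS_JSON)))
```

Run it against a cloned repository before opening that folder in VS Code; any hit means a task would start without a prompt on versions older than 1.109 or on a newer version where task.allowAutomaticTasks has been switched back on. The two-pass comment and trailing-comma stripping is deliberate: VS Code's configuration files are not strict JSON, and a scanner that fails to parse them is a scanner an attacker can route around.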
The Threat Is Operational
WaterPlum is not a theoretical risk. The group is actively running campaigns, targeting real developers, and stealing real credentials and cryptocurrency. The StoatWaffle malware works on Windows, macOS, and Linux. It is professionally built, modular, and designed to avoid detection by installing dependencies from legitimate sources.
If you receive an unsolicited job offer that involves opening a GitHub repository or running a coding challenge, treat it as a potential attack until proven otherwise. The folder you open might look like a standard Node.js project. The malware hidden inside does not.