North Korean Hackers Exploit Microsoft Tools in Urgent Security Alert

URGENT UPDATE: North Korean hackers are exploiting vulnerabilities in Microsoft Visual Studio Code to launch sophisticated cyber attacks. The infamous Lazarus Group is behind these efforts, in a campaign dubbed Contagious Interview that targets unsuspecting software and blockchain developers in Western nations.

Reports from security researchers at Jamf detail how attackers create fake job offers, luring victims into deploying malicious software during interview processes. This tactic has proven alarmingly effective, contributing to some of the largest cryptocurrency heists in recent history.

As part of the attack strategy, hackers set up malicious Git repositories on platforms like GitHub and GitLab. They deceive victims into cloning these repositories and opening them with Visual Studio Code. Once the folder is opened, Visual Studio Code prompts the user to trust the repository's authors. If the victim accepts, a tasks.json configuration file in the repository executes embedded commands that install a JavaScript payload on macOS devices.
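To make the "review the contents before trusting" step concrete, here is an added example (not from the article or from Jamf's report) that inspects a cloned repository's `.vscode/tasks.json` for tasks configured to run automatically when the folder is opened, which is the VS Code task setting (`runOptions.runOn` set to `folderOpen`) that an auto-executing tasks.json relies on. The sample tasks.json is constructed; the comment and trailing-comma handling is a deliberately simple approximation of VS Code's JSON-with-comments parser.

```python
import json
import re
from pathlib import Path

# VS Code runs a task without any user action when runOptions.runOn == "folderOpen"
# in a trusted workspace; that is the trigger a malicious tasks.json depends on.
AUTO_RUN = "folderOpen"


def _strip_jsonc(text: str) -> str:
    """Approximate JSONC -> JSON: drop /* */ and // comments and trailing commas.
    Line comments are only removed when preceded by whitespace, so "https://" survives."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(?m)(^|\s)//.*$", r"\1", text)
    text = re.sub(r",\s*([}\]])", r"\1", text)
    return text


def find_auto_run_tasks(tasks_json_text: str) -> list[dict]:
    """Return every task that VS Code would start as soon as the folder is trusted."""
    data = json.loads(_strip_jsonc(tasks_json_text))
    findings = []
    for task in data.get("tasks", []):
        run_on = (task.get("runOptions") or {}).get("runOn")
        if run_on != AUTO_RUN:
            continue
        args = [str(a) for a in task.get("args", [])]
        command = " ".join([str(task.get("command", ""))] + args).strip()
        findings.append({"label": task.get("label", "<unnamed>"),
                         "type": task.get("type"), "command": command})
    return findings


def scan_repo(repo: Path) -> list[dict]:
    """Check a cloned repository before clicking 'Trust' in Visual Studio Code."""
    path = repo / ".vscode" / "tasks.json"
    if not path.is_file():
        return []
    return find_auto_run_tasks(path.read_text(encoding="utf-8"))


# Constructed sample: one ordinary build task plus one task wired to start on folder open.
SAMPLE_TASKS_JSON = """{
  // constructed sample modelled on the auto-run pattern described above
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "shell", "command": "npm run build" },
    { "label": "setup", "type": "shell", "command": "node", "args": ["setup.js"],
      "runOptions": { "runOn": "folderOpen" }, },
  ]
}"""
```

Any task reported here deserves a manual read of the command it launches before the workspace is marked trusted; an empty result only means no automatic task was found, not that the repository is safe.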

This malicious code establishes a persistent loop that harvests sensitive information, including hostname, MAC addresses, and operating system details, while maintaining communication with a remote Command-and-Control (C2) server. The backdoor periodically sends system data and receives new malicious instructions, amplifying the risks for compromised devices.

Jamf has issued a critical warning, advising users to enable Threat Prevention and Advanced Threat Controls on their Mac systems to mitigate these risks. The company emphasizes the importance of scrutinizing third-party repositories, particularly those from unfamiliar sources, before designating them as trusted in Visual Studio Code.

“Developers should remain cautious when interacting with third-party repositories,” the Jamf report states. “Before marking a repository as trusted, it’s essential to review its contents thoroughly.”

As this situation develops, tech users are urged to stay vigilant and prioritize cybersecurity measures. The implications of these attacks extend beyond individual users, threatening the integrity of larger networks and sensitive data across industries.

Stay informed and share this urgent news with your networks to raise awareness about this significant cybersecurity threat.