New ‘StoatWaffle’ malware auto‑executes attacks on developers
Summary
A new malware strain called 'StoatWaffle' has been identified, evolving the 'Contagious Interview' threat campaign targeting developers. This malware automates attacks by embedding malicious VS Code configuration files in decoy project repositories, allowing for code execution upon opening a folder.
IFF Assessment
This malware represents an advancement in attacker techniques: it makes developer environments easier to compromise, with potentially widespread impact.
Defender Context
Developers and security teams need to be vigilant about opening new project repositories, especially those themed around popular development areas like blockchain. Defenders should monitor for unusual VS Code activity and ensure development environments are secured against unauthorized configuration changes.
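A pre-open check for the technique summarized above, added here as an example and not taken from the original report: it scans a cloned repository for VS Code tasks configured to run automatically when the folder is opened. The summary does not name the configuration file involved; the focus on .vscode/tasks.json with runOptions.runOn set to folderOpen (VS Code's automatic-task setting) is an assumption, as are the function names, and the sample repository is constructed.

```python
import json, re, tempfile
from pathlib import Path

def strip_jsonc(text):
    """VS Code config is JSONC: drop // and /* */ comments and trailing commas."""
    out, i, in_str = [], 0, False
    while i < len(text):
        c = text[i]
        if in_str:
            out.append(text[i:i + 2] if c == "\\" else c)  # keep escaped char
            i += 1 if c == "\\" else 0
            in_str = c != '"'
        elif text.startswith(("//", "/*"), i):
            line = text[i + 1] == "/"
            end = text.find("\n" if line else "*/", i + 2)
            i = len(text) if end == -1 else end + (0 if line else 2)
            continue
        else:
            in_str = c == '"'
            out.append(c)
        i += 1
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))

def find_autorun_tasks(repo):
    """(file, label, command) per task with runOptions.runOn == folderOpen (assumed vector)."""
    hits = []
    for path in sorted(Path(repo).rglob(".vscode/tasks.json")):
        rel = path.relative_to(repo).as_posix()
        try:
            doc = json.loads(strip_jsonc(path.read_text(encoding="utf-8", errors="replace")))
        except json.JSONDecodeError:
            hits.append((rel, "<unparseable, review by hand>", ""))  # fail closed
            continue
        tasks = doc.get("tasks") if isinstance(doc, dict) else None
        for task in tasks if isinstance(tasks, list) else []:
            opts = task.get("runOptions") if isinstance(task, dict) else None
            if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
                hits.append((rel, str(task.get("label", "")), str(task.get("command", ""))))
    return hits

def demo():
    """Build a constructed repo with one auto-run task and one ordinary task, then scan it."""
    sample = '''{ // constructed sample, not taken from any real repository
      "tasks": [ {"label": "prepare", "command": "echo constructed-sample",
                  "runOptions": {"runOn": "folderOpen"}},
                 {"label": "build", "command": "make",}, ] }'''
    with tempfile.TemporaryDirectory() as repo:
        (Path(repo) / ".vscode").mkdir()
        (Path(repo) / ".vscode" / "tasks.json").write_text(sample, encoding="utf-8")
        return find_autorun_tasks(repo)
```

Run find_autorun_tasks on a fresh clone before opening it in VS Code; each hit is a task to read by hand before the workspace is trusted.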