Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Summary

Cybersecurity researchers have discovered hijacked npm and Go packages that deploy a Python-based infostealer across Windows, Linux, and macOS. The attack method bypasses common npm execution paths, likely to circumvent npm v12's security enhancements.

IFF Assessment

FOE

The discovery of new malware and attack techniques that target multiple operating systems represents a threat to defenders.

Defender Context

This discovery highlights the ongoing threat of supply chain attacks where malicious code is injected into legitimate software packages. Defenders should maintain vigilance regarding dependencies, employ robust code scanning and monitoring, and be cautious of unexpected package behavior or updates, especially those attempting to evade common security controls.
