The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, enabling near-frictionless compromise.
North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and enabling remote control.
XDA Developers on MSN
I self-hosted my own Cloudflare Workers replacement, and it's incredibly simple
And more useful than I thought.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results