VYPR research · Published Jun 29, 2026 · 1 source

Hijacked npm and Go Packages Deploy Python Infostealer via VS Code Tasks

Compromised npm and Go packages are distributing a Python infostealer across Windows, Linux, and macOS by abusing VS Code tasks, potentially bypassing security measures.

Cybersecurity researchers have uncovered a sophisticated supply-chain attack campaign that leverages hijacked npm and Go packages to distribute a potent Python-based information stealer. The malware targets Windows, Linux, and macOS systems, employing a novel technique that hides its execution within Visual Studio Code tasks. This method aims to evade common security defenses, including recent hardening efforts in npm.

The attack chain begins when a developer opens a compromised project folder in an IDE such as VS Code or Cursor. A hidden VS Code task, named 'eslint-check' and configured to run automatically when the folder opens, triggers the malicious code. Because the task is launched by the editor rather than by a package lifecycle script, it sidesteps protections aimed at npm install-time scripts. The malware then retrieves encrypted JavaScript from blockchain transaction data, connects to attacker-controlled infrastructure, and launches a Socket.io backdoor.

Researchers identified two compromised npm packages, 'html-to-gutenberg' and 'fetch-page-assets,' which were uploaded on May 25, 2026, and have since been removed from the registry. The malicious payload is disguised as a font file named 'fa-solid-400.woff2' within the project, but it actually contains JavaScript code. This obfuscation technique, coupled with the abuse of VS Code auto-run tasks, has been previously attributed to North Korean threat actors and is linked to the 'Fake Font' campaign, a variant of the long-running 'Contagious Interview' operation targeting software developers.

The campaign uses blockchain infrastructure, specifically TronGrid and Aptos, as a dead-drop resolver to fetch the next-stage JavaScript payload; because the stage is read from public transaction data, the mechanism is hard to take down. The retrieved JavaScript then connects to a command-and-control (C2) server, enabling features such as file uploads and delivery of the final Python infostealer.

The Socket.io backdoor provides attackers with extensive remote control over infected hosts, including shell execution, clipboard harvesting, file system operations, process management, and arbitrary JavaScript execution. Concurrently, a Python loader component is deployed to retrieve and install the main Python infostealer from the C2 server.

The Python infostealer is designed to harvest a wide array of sensitive data. This includes credentials from Chromium-based and Mozilla Firefox browsers, password managers, authenticator apps, and cryptocurrency wallets. It also targets developer-specific information such as Git credentials, GitHub configurations, VS Code global storage, and data from various OS credential managers (Windows Credential Manager, Linux Secret Service, macOS Keychain) and cloud storage services.

In addition to the npm packages, a cluster of 16 Go packages was also found to contain the same malware. These packages, including 'github.com/lambda-platform/lambda' and 'github.com/reauheau/goaubio,' were similarly compromised, often with the malware bundled alongside legitimate code in their latest versions. This dual targeting of popular development ecosystems highlights the broad reach of the campaign.

Users who may have installed these packages are strongly advised to remove them immediately. Furthermore, security teams should investigate developer machines for hidden VS Code tasks and rotate all credentials, tokens, API keys, and wallet information. The attackers' interest in both immediate data theft and persistent access underscores the significant risk posed by this campaign.
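The two host-side indicators the article describes, a VS Code task that fires on folder open and a '.woff2' file that does not actually contain a font, can both be checked with a short triage script. The following is an added example written for this page, not code from the article or from any of the named projects. It assumes a standard '.vscode/tasks.json' layout (the 'runOptions.runOn' and 'hide' keys are documented VS Code task properties) and that a genuine WOFF2 file starts with the four-byte signature 'wOF2'. The sample project it builds is constructed here for demonstration; the task label is the one the article names, but the command is a placeholder.

```python
"""Triage scan for auto-run VS Code tasks and fake .woff2 payload files.
Added example for this article; defensive use, constructed fixture below."""
from __future__ import annotations

import json
import re
import tempfile
from pathlib import Path

WOFF2_MAGIC = b"wOF2"              # signature at offset 0 of every valid WOFF2 file
AUTORUN_TRIGGERS = {"folderOpen"}  # runOptions.runOn values that fire without user action


def _strip_jsonc_comments(text: str) -> str:
    # tasks.json is JSONC; drop whole-line // comments so json.loads accepts it.
    return re.sub(r"^\s*//.*$", "", text, flags=re.M)


def find_autorun_tasks(tasks_json_text: str) -> list[dict]:
    """Return tasks that run automatically on folder open or are marked hidden."""
    data = json.loads(_strip_jsonc_comments(tasks_json_text))
    findings = []
    for task in data.get("tasks", []):
        run_on = (task.get("runOptions") or {}).get("runOn")
        hidden = task.get("hide") is True
        if run_on in AUTORUN_TRIGGERS or hidden:
            findings.append({
                "label": task.get("label", "<unlabelled>"),
                "command": task.get("command", ""),
                "runOn": run_on,
                "hidden": hidden,
            })
    return findings


def is_fake_woff2(path: Path) -> bool:
    """True when a file carrying the .woff2 extension lacks the WOFF2 signature."""
    with path.open("rb") as fh:
        return fh.read(4) != WOFF2_MAGIC


def scan_project(root: Path) -> dict:
    """Walk a checkout (node_modules and dot-directories included) and report both indicators."""
    report = {"autorun_tasks": [], "fake_fonts": []}
    for tasks_file in root.rglob(".vscode/tasks.json"):
        for finding in find_autorun_tasks(tasks_file.read_text(encoding="utf-8")):
            finding["file"] = tasks_file.relative_to(root).as_posix()
            report["autorun_tasks"].append(finding)
    for font in root.rglob("*.woff2"):
        if is_fake_woff2(font):
            report["fake_fonts"].append(font.relative_to(root).as_posix())
    return report


def build_sample_project() -> Path:
    """Constructed fixture: a mock checkout with one auto-run task and one bogus font."""
    root = Path(tempfile.mkdtemp(prefix="vscode-scan-"))
    (root / ".vscode").mkdir()
    (root / ".vscode" / "tasks.json").write_text(json.dumps({
        "version": "2.0.0",
        "tasks": [
            {"label": "build", "type": "shell", "command": "npm run build"},
            {"label": "eslint-check", "type": "shell",
             "command": "node ./scripts/check.js",      # placeholder, not the real command
             "runOptions": {"runOn": "folderOpen"}, "hide": True},
        ],
    }), encoding="utf-8")
    assets = root / "assets"
    assets.mkdir()
    # Font extension, JavaScript inside: the disguise the article describes.
    (assets / "fa-solid-400.woff2").write_bytes(b"(function(){/* not a font */})();")
    # A stub with the genuine signature, to show real fonts are not flagged.
    (assets / "real-font.woff2").write_bytes(WOFF2_MAGIC + b"\x00" * 40)
    return root


if __name__ == "__main__":
    print(json.dumps(scan_project(build_sample_project()), indent=2))
```

Run it against a real checkout by calling 'scan_project(Path("/path/to/project"))'. Any task it reports should be reviewed by hand before the folder is opened in an editor, since opening it is exactly what triggers the task; a '.woff2' hit is worth inspecting even when no task is found, because the payload may be staged before the task is added.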

Synthesized by Vypr AI