Contagious Interview: Tracking the VS Code Tasks Infection Vector

This report documents a DPRK-attributed 'Contagious Interview' campaign that abuses VS Code tasks.json (runOn: folderOpen) to execute malicious commands, leading to delivery of BeaverTail and InvisibleFerret malware and distribution of a malicious npm package (jsonwebauth); it includes GitHub search queries, indicators (domains, commit emails, personas, repositories), analysis of obfuscation and payload-hosting patterns, and recommended mitigations and detections.