logo

TasksJacker DPRK Attack Compromises GitHub Users Via VS Code Tasks

ID: d86aed59-00c4-5da7-8eac-91783d5e0f33

STIX ID: report--d86aed59-00c4-5da7-8eac-91783d5e0f33

Feed Name: OpenSourceMalware Blog

Threat Score
95/100

Date Published: 2026-03-31

Date Updated: 2026-06-20

Author: c0a15726-c5b1-4b0d-85e6-fe15553df9e2

...
...

### Executive summary This report analyzes "TasksJacker," an active, sophisticated DPRK-linked supply-chain campaign that injects malicious VS Code task files into hundreds of GitHub repositories to achieve silent code execution when developers open projects; the actors use git history rewriting to hide changes and a resilient multi-blockchain C2 (TRON/Aptos/BSC) to host encrypted payloads, leading to credential and crypto theft, persistence, and downstream upstream PR injection (PolinRider) affecting high-value projects.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.