TasksJacker DPRK Attack Compromises GitHub Users Via VS Code Tasks
ID: d86aed59-00c4-5da7-8eac-91783d5e0f33
STIX ID: report--d86aed59-00c4-5da7-8eac-91783d5e0f33
Feed Name: OpenSourceMalware Blog
Date Published: 2026-03-31
Date Updated: 2026-06-20
Author: c0a15726-c5b1-4b0d-85e6-fe15553df9e2
### Executive summary This report analyzes "TasksJacker," an active, sophisticated DPRK-linked supply-chain campaign that injects malicious VS Code task files into hundreds of GitHub repositories to achieve silent code execution when developers open projects; the actors use git history rewriting to hide changes and a resilient multi-blockchain C2 (TRON/Aptos/BSC) to host encrypted payloads, leading to credential and crypto theft, persistence, and downstream upstream PR injection (PolinRider) affecting high-value projects.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
