Signal

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-03-23 18:09 UTCUpdated 2026-03-24 11:58 UTC

rss

securitycso_online

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

New ‘StoatWaffle’ malware auto‑executes attacks on developers

CSO Online · News · csoonline.com · 2026-03-24 11:58 UTC

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

thehackernews · News · thehackernews.com · 2026-03-23 18:09 UTC

limited source diversity in top sources

View all evidence

Overview

A newly disclosed malware strain dubbed “StoatWaffle” is giving fresh teeth to the notorious, developer-targeting “Contagious Interview” threat campaign.

Score total

1.01

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

All evidence

New ‘StoatWaffle’ malware auto‑executes attacks on developers

CSO Online · csoonline.com · 2026-03-24 11:58 UTC

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

thehackernews · thehackernews.com · 2026-03-23 18:09 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

CSO Online (1)
thehackernews (1)

Top origin domains (this list)

csoonline.com (1)
thehackernews.com (1)