Defending Against VS Code Auto-Run Attacks: Mitigating StoatWaffle Malware

Introduction

Software development environments have become a prime target for sophisticated threat actors seeking to bypass traditional email security gateways. A recent campaign attributed to North Korean hackers (tracked as WaterPlum or Contagious Interview) highlights a critical shift in attack vectors. By abusing legitimate features in Microsoft Visual Studio Code (VS Code)—specifically the tasks. auto-run functionality—these actors are deploying a malware family known as StoatWaffle.

For defenders, this represents a significant risk. Developers often operate with elevated privileges and access sensitive intellectual property. If a malicious repository is cloned or opened, the victim's environment can be compromised simply by opening the project in the editor. This post breaks down the mechanics of the attack and provides the necessary detection logic and hardening steps to protect your organization.

Technical Analysis

The core of this attack lies in the abuse of the VS Code "Tasks" feature, intended to automate build processes and developer workflows. Tasks are defined in a .vscode/tasks. file within a project directory. Normally, VS Code prompts the user before running tasks from a workspace folder to prevent accidental code execution.

However, the WaterPlum threat group has been observed poisoning VS Code projects with malicious configurations. Since December 2025, they have distributed these projects via fake job recruitment interviews—often sending a "coding test" repository to the victim.

The Attack Vector:

1. Delivery: The victim receives a link to a zip file or Git repository containing the source code for a fake interview assignment.
2. Execution: Upon opening the folder in VS Code, the application parses the .vscode/tasks. file.
3. Payload: The actors configure tasks to execute automatically or trick the user into accepting a "trust" prompt. This triggers a command line sequence that retrieves and executes the StoatWaffle payload.
4. Impact: StoatWaffle establishes persistence, often establishing a reverse shell or downloading follow-on payloads, giving the attackers control over the developer's endpoint.

This tactic is dangerous because it leverages a trusted tool (VS Code) against the user. Standard antivirus solutions may flag the final payload, but the initial tasks. file is a simple text configuration file, often bypassing static analysis.

Defensive Monitoring

To detect this activity, security teams must monitor for the creation or modification of .vscode/tasks. files within user directories and analyze the commands they execute. Below are detection queries and scripts for your security operations team.

Microsoft Sentinel / Defender KQL Query

This query detects the creation of suspicious tasks. files in user profiles or the execution of commands initiated by VS Code (Code.exe).

DeviceFileEvents
| where FileName == "tasks."
| where FolderPath contains @".vscode"
| where Timestamp > ago(7d)
| project Timestamp, DeviceName, InitiatingProcessAccountName, FolderPath, SHA256
| extend DevOpsPath = tostring(split(FolderPath, @".vscode")[0])
| join kind=leftsemi (
    DeviceProcessEvents
    | where InitiatingProcessFileName == "Code.exe"
    | where FileName in ("powershell.exe", "cmd.exe", "bash", "curl", "wget")
    | where Timestamp > ago(7d)
) on DeviceName
| summarize FirstSeen=min(Timestamp), LastSeen=max(Timestamp), FileCount=count() by DeviceName, InitiatingProcessAccountName

PowerShell Verification Script

Use this script to scan developer endpoints for the presence of tasks. files and flag those containing suspicious keywords (like encoded commands or remote URLs).

# Scan for tasks. in user profiles
$SuspiciousKeywords = @("Invoke-Expression", "IEX", "DownloadString", "wget", "curl", "base64", "FromBase64String")
$Results = @()

Get-ChildItem -Path "C:\Users\" -Recurse -Filter "tasks." -ErrorAction SilentlyContinue | ForEach-Object {
    $Content = Get-Content $_.FullName -Raw -ErrorAction SilentlyContinue
    $FoundKeyword = $false
    
    foreach ($Keyword in $SuspiciousKeywords) {
        if ($Content -match $Keyword) {
            $FoundKeyword = $true
            break
        }
    }
    
    if ($FoundKeyword) {
        $Results += [PSCustomObject]@{
            Path = $_.FullName
            User = $_.Directory.Parent.Name
            Status = "Suspicious Content Detected"
        }
    }
}

if ($Results.Count -eq 0) {
    Write-Host "No suspicious tasks. files found." -ForegroundColor Green
} else {
    Write-Host "Alert: Suspicious tasks. files detected:" -ForegroundColor Red
    $Results | Format-Table -AutoSize
}

Remediation

To defend against this attack vector and protect your development environment, implement the following controls immediately.

1. Enforce Workspace Trust

VS Code includes a "Workspace Trust" feature that prevents automatic code execution in folders the user has not explicitly trusted. Ensure this is enforced via organizational policy.

Configuration:

• Navigate to Settings > Workspace > Trust.
• Set "Control: Workspace Trust" to true.
• Set the default behavior to prompt or restrict untrusted workspaces.

JSON Settings configuration (settings.):

{ "security.workspace.trust.enabled": true, "security.workspace.trust.banner": "always", "security.workspace.trust.untrustedFiles": "open" }

2. Disable Auto-Run Tasks

Prevent tasks from running automatically when a folder is opened. This requires the user to manually trigger tasks via the Terminal menu.

User Action: Go to Settings > Tasks, and ensure the "Allow Automatic Tasks in Folder" option is disabled or handled via an enterprise policy.

3. Application Allowlisting

Configure AppLocker or Windows Defender Application Control (WDAC) to restrict which scripts and executables VS Code can launch. Prevent Code.exe from spawning powershell.exe or cmd.exe unless explicitly whitelisted for specific build pipelines.

4. Developer VDI/Sandboxing

Mandate that code testing or interviews—especially for external candidates or unknown repositories—occur within a non-persistent Virtual Desktop Infrastructure (VDI) or a sandboxed environment. This isolates the execution of tasks. from the corporate network and privileged accounts.

5. Security Awareness for Engineering Teams

Update your security training for developers. Specifically, warn against:

• Cloning repositories from untrusted sources (e.g., unsolicited "coding challenges" on social media).
• Opening zip files directly in VS Code from unknown senders.
• Clicking "Trust" on workspace prompts without verifying the source.

Related Resources

Security Arsenal Alert Triage Automation AlertMonitor Platform Book a SOC Assessment platform Intel Hub