A fake VS Code extension called "ClawdBot Agent" was found to be a trojan that installs malware on Windows machines without user interaction. Although it appeared legitimate, it secretly connected to a remote server to deliver malicious payloads. The investigation reveals sophisticated tactics and multiple layers of redundancy in the attack.

North Korean hackers are using malicious Microsoft Visual Studio Code projects to deliver a backdoor that allows remote code execution. By tricking victims into cloning Git repositories and opening them in VS Code, the attackers exploit task configuration files to run harmful JavaScript payloads. This ongoing campaign targets software engineers, particularly in cryptocurrency and fintech sectors.