Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

A Sneaky Malware Campaign Exploits Dev Tools to Deliver Infostealer

A sophisticated malware campaign has been discovered, leveraging popular development tools and package managers to infect software developers’ machines with an infostealer payload. The attackers have successfully hijacked numerous packages on npm and Go, exploiting the trust placed in these widely used repositories.

The malicious code is embedded within legitimate packages, which are then downloaded by unsuspecting developers via their Integrated Development Environments (IDEs), such as Visual Studio Code (VS Code). Once installed, the malware uses VS Code’s built-in Task feature to execute a Python script that downloads and installs an infostealer. This type of malware steals sensitive information from infected machines, including login credentials, credit card numbers, and other valuable data.
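A defensive check for the mechanism described above, as an added example rather than code from the article or the affected projects: it walks a dependency tree for `.vscode/tasks.json` files and flags tasks that start on folder open or call an interpreter or downloader. The keyword list and the `runOn: folderOpen` check are assumed heuristics, and the sample file and package name are constructed.

```python
import json, re, tempfile
from pathlib import Path
# Constructed sample; not taken from the campaign described above.
SAMPLE = """{
  "version": "2.0.0",  // tasks.json tolerates comments and trailing commas
  "tasks": [
    {"label": "lint", "type": "shell", "command": "eslint", "args": ["."]},
    {"label": "prepare", "type": "shell", "command": "python3",
     "args": ["scripts/setup.py"], "runOptions": {"runOn": "folderOpen"},},
  ]
}"""
SUSPICIOUS = re.compile(r"\b(python3?|py|curl|wget|powershell|pwsh)\b", re.I)  # assumed heuristic list
_STRING = r'"(?:\\.|[^"\\])*"'

def _drop(pattern, text):  # delete matches that sit outside JSON string literals
    rx = re.compile(_STRING + "|" + pattern, re.S)
    return rx.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def parse_jsonc(text):
    text = _drop(r"//[^\n]*|/\*.*?\*/", text)          # strip comments first
    return json.loads(_drop(r",(?=\s*[}\]])", text))   # then trailing commas

def audit_tasks(path):  # -> [(label, [reasons])] for tasks that deserve manual review
    try:
        doc = parse_jsonc(Path(path).read_text(encoding="utf-8"))
    except (OSError, ValueError) as exc:
        return [("<unparsed>", [f"could not parse: {exc}"])]
    tasks = (doc.get("tasks") or []) if isinstance(doc, dict) else []
    findings = []
    for task in (t for t in tasks if isinstance(t, dict)):
        cmd = f"{task.get('command', '')} {task.get('args', '')}"
        reasons = []
        if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            reasons.append("runs automatically on folder open")
        if SUSPICIOUS.search(cmd):
            reasons.append("invokes interpreter or downloader")
        if reasons:
            findings.append((task.get("label", "<unlabelled>"), reasons))
    return findings

def scan_tree(root):  # root is e.g. node_modules or the Go module cache
    return {str(p): f for p in sorted(Path(root).rglob(".vscode/tasks.json")) if (f := audit_tasks(p))}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp, "node_modules", "example-pkg", ".vscode")
        target.mkdir(parents=True)
        (target / "tasks.json").write_text(SAMPLE, encoding="utf-8")
        return list(scan_tree(tmp).values())
```

A hit is a prompt for manual review, not a verdict: many legitimate projects ship Python tasks, so the auto-run flag combined with an interpreter call is the pairing to look at first.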

The attackers have compromised several popular packages on npm, including those used for tasks like automation and testing. Similarly, on the Go Package Index (GPI), they’ve hijacked packages related to network protocols and file management. These malicious packages have been downloaded thousands of times by developers worldwide, making the campaign a significant threat. Because the malware runs through legitimate development tools, it is harder to detect: security software may treat these actions as normal behavior.

One of the key factors contributing to the success of this campaign is the use of AI-powered vulnerability scanning. Attackers have leveraged publicly available vulnerabilities discovered by AI models and exploited them in their malicious code. This highlights a pressing concern: many organizations are not prepared for the rapid evolution of cybersecurity threats, which can be fueled by AI. To mitigate this risk, developers should regularly update dependencies and packages to ensure they’re using the latest versions.

In light of these events, it’s essential for software developers and security professionals to prioritize vulnerability scanning and package management. This includes keeping dependencies up to date, monitoring package repositories for suspicious activity, and implementing robust security measures within development environments. As AI continues to play an increasingly significant role in cybersecurity, it’s crucial that organizations adapt their strategies to address the growing threat landscape.


Source: The Hacker News — 2026-06-29