Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

doode Blog

RSS 𝕏 f ▶

No current banned IPs (last update: 2026-06-29 08:52) <a href="/attacks/">Full report</a>

doode Blog

Home / Tech / Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

June 29, 2026 dirk 0 Comments 3 tags

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts.

“This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain ‘compatible’ with npm v12’s security hardenings,” JFrog said in a

Source: The Hacker News

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Leave a Reply Cancel reply

Explore More

Why eval startups fail (2025)

No, everyone is not using AI for everything

I found 10k GitHub repositories distributing Trojan malware