Malicious npm and Go Packages Deliver Python Infostealer via VS Code Auto-Run Tasks
Cybersecurity researchers have uncovered a sophisticated supply chain attack leveraging hijacked npm and Go packages to deploy a Python-based information stealer. The multi-stage malware targets Windows, Linux, and macOS hosts, exploiting hidden **Microsoft Visual Studio Code (VS Code)** tasks to achieve execution and exfiltrate sensitive data.
Researchers from **JFrog** have identified a cluster of malicious **npm** and **Go** packages designed to deploy a persistent Python-based information stealer on compromised systems. The attack chain targets developers using **VS Code** by hiding malware execution inside a routine workflow step: opening a project folder in the editor.
### The npm Package Hijack
The initial vector involves two hijacked **npm** packages: `html-to-gutenberg` and `fetch-page-assets`. These packages, uploaded on May 25, 2026, and since removed from the registry, avoid the lifecycle scripts (such as `preinstall` and `postinstall`) that registry scanners and `npm install --ignore-scripts` are built to catch.
Instead of relying on lifecycle scripts, the malware hides its execution in a **VS Code** task named "eslint-check" inside the package's `.vscode/tasks.json`. The task is configured with `"runOptions": { "runOn": "folderOpen" }`, so it executes automatically when the project folder is opened as a workspace in **VS Code** or **Cursor**, with no install-time hook for a package scanner to flag. Whether such a task runs is governed by Workspace Trust and the editor's `task.allowAutomaticTasks` setting; a developer who accepts the trust prompt for a freshly installed project gets no further warning before the command runs.
"The command also disguises the payload as a font file - `public/fonts/fa-solid-400.woff2`, even though the file just contains JavaScript code," **JFrog** noted in its analysis.
### North Korean Attribution and Contagious Interview Campaign
The abuse of **VS Code** auto-run tasks and the disguise of JavaScript malware as font files bears a striking resemblance to tactics previously attributed to North Korean threat actors. The **OpenSourceMalware** team, tracking this activity as "Fake Font," describes it as a variant of the **Contagious Interview** campaign.
This long-running campaign targets software developers and technical personnel through fraudulent job interview processes. Security researcher **Paul McCarty** previously highlighted this, stating, "This 'Fake Font' campaign delivers a multi-stage loader that ultimately deploys the **InvisibleFerret** Python backdoor, designed to steal cryptocurrency wallets, browser credentials, and establish persistent access."
### Multi-Stage Infection Chain
The bogus font file acts as a dead drop resolver: rather than embedding a C2 address, it queries public blockchain infrastructure such as **TronGrid** and **Aptos** for the location of the next JavaScript payload. Because that pointer lives on a third-party service defenders cannot simply block, the attacker can repoint the chain without touching the package, and taking down any single hosting server does not break the infection.
The JavaScript stage configures a **Socket.io** backdoor, granting the attacker remote control over the infected host. Capabilities include shell execution, clipboard harvesting, file system operations, file uploads, process management, and arbitrary JavaScript execution.
Simultaneously, a Python loader component retrieves the final Python infostealer from the C2 server. This infostealer is a comprehensive tool designed to siphon credentials, browser data, wallet information, and developer artifacts from a wide array of sources:
* Chromium-based and **Mozilla Firefox** browsers
* Password managers and authenticators
* Cryptocurrency wallets
* **Git** credentials, **GitHub CLI** `hosts.yml`, **GitHub Desktop** logs
* **VS Code** user data, including its global storage
* **Windows Credential Manager**, **Linux Secret Service**, **KDE Wallet**, **macOS Keychain**
* Cloud storage metadata for **Dropbox**, **Google Drive**, **Microsoft OneDrive**, **Apple iCloud**, **Box**, **Mega**, and **pCloud**.
All collected data is compressed into ZIP archives and uploaded to the C2 server, with an optional exfiltration route via a **Telegram** bot.
### Go Ecosystem Also Targeted
The campaign extends to the **Go** ecosystem, with **Nextron Systems** identifying 16 **Go** packages containing the same malware. **JFrog** noted that "Most appear to be legitimate packages whose latest released version included the malware alongside the original package contents, using the same structure and fake font file."
### Mitigation and Recommendations
Users who have installed any of the identified malicious **npm** or **Go** packages are strongly advised to:
* Remove them immediately.
* Thoroughly scan developer machines for hidden **VS Code** folder-open tasks: any `.vscode/tasks.json` whose `runOptions.runOn` is `folderOpen`, and any font file whose contents are not font data.
* Rotate all credentials, including tokens, cloud credentials, API keys, browser-stored credentials, and wallet credentials.
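The two indicators the article describes, a task that runs on `folderOpen` and a `.woff2` file that is really JavaScript, can be checked mechanically. The scanner below is an added example written for this page, not code from JFrog or the researchers it cites. It walks a directory tree, parses each `.vscode/tasks.json` (VS Code accepts comments and trailing commas there, so plain `json.loads` is not enough), reports every task that runs on folder open with the command it would execute, and flags font files whose first bytes are not a known font signature. The sample `tasks.json` and fake font it builds in a temporary directory are constructed for the demonstration; the label `eslint-check` and the path `public/fonts/fa-solid-400.woff2` are taken from the article, while the `node` command that runs the file is an assumption about how such a task would invoke its payload.

```python
"""Find VS Code tasks that run on folder open, and font files that are not fonts.

Added example for this page, not JFrog's or the article's code.
"""
import json
import os
import re
import tempfile

# Constructed sample modelled on the article's description. The label and the
# font path come from the article; the "node" command is an assumption.
SAMPLE_TASKS_JSON = r'''{
    // VS Code tolerates comments and trailing commas in tasks.json
    "version": "2.0.0",
    "tasks": [
        {
            "label": "eslint-check",
            "type": "shell",
            "command": "node",
            "args": ["public/fonts/fa-solid-400.woff2"],
            "presentation": { "reveal": "never", "echo": false },
            "runOptions": { "runOn": "folderOpen" },
        },
        { "label": "build", "type": "npm", "script": "build" }
    ]
}
'''

# Magic bytes of real font containers: WOFF2, WOFF, CFF OpenType, TrueType.
FONT_MAGIC = (b'wOF2', b'wOFF', b'OTTO', b'\x00\x01\x00\x00', b'true')
FONT_EXTENSIONS = ('.woff', '.woff2', '.ttf', '.otf')


def strip_jsonc(text):
    """Remove // and /* */ comments outside strings, then trailing commas."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == '\\' and i + 1 < n:      # keep escaped char, e.g. \"
                out.append(text[i + 1]); i += 2; continue
            if c == '"':
                in_str = False
            i += 1
        elif c == '"':
            in_str = True; out.append(c); i += 1
        elif text.startswith('//', i):
            j = text.find('\n', i); i = n if j == -1 else j
        elif text.startswith('/*', i):
            j = text.find('*/', i + 2); i = n if j == -1 else j + 2
        else:
            out.append(c); i += 1
    # Trailing-comma cleanup is regex based; a ",}" inside a string would be
    # mangled, which is acceptable for a triage tool.
    return re.sub(r',(\s*[}\]])', r'\1', ''.join(out))


def load_jsonc(text):
    return json.loads(strip_jsonc(text))


def find_auto_tasks(tasks_json_text):
    """Return [(label, command line)] for tasks with runOptions.runOn == folderOpen."""
    data = load_jsonc(tasks_json_text)
    hits = []
    for task in data.get('tasks', []):
        if (task.get('runOptions') or {}).get('runOn') == 'folderOpen':
            parts = [str(task.get('command', ''))] + [str(a) for a in task.get('args', [])]
            hits.append((task.get('label', '<unlabelled>'), ' '.join(p for p in parts if p)))
    return hits


def fake_font(head):
    """True when the leading bytes match no known font container signature."""
    return not any(head.startswith(m) for m in FONT_MAGIC)


def scan_tree(root):
    """Walk root (node_modules included) and collect auto-task and fake-font findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == 'tasks.json' and os.path.basename(dirpath) == '.vscode':
                try:
                    with open(path, encoding='utf-8', errors='replace') as f:
                        for label, cmd in find_auto_tasks(f.read()):
                            findings.append({'kind': 'auto_task', 'path': path,
                                             'label': label, 'command': cmd})
                except (OSError, ValueError) as e:   # unreadable or still not valid JSON
                    findings.append({'kind': 'parse_error', 'path': path, 'error': str(e)})
            elif name.lower().endswith(FONT_EXTENSIONS):
                with open(path, 'rb') as f:
                    head = f.read(4)
                if fake_font(head):
                    findings.append({'kind': 'fake_font', 'path': path})
    return findings


def demo():
    """Build a constructed project tree and scan it; returns the findings list."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, '.vscode'))
        fonts = os.path.join(root, 'public', 'fonts')
        os.makedirs(fonts)
        with open(os.path.join(root, '.vscode', 'tasks.json'), 'w') as f:
            f.write(SAMPLE_TASKS_JSON)
        with open(os.path.join(fonts, 'fa-solid-400.woff2'), 'wb') as f:
            f.write(b'(function(){/* constructed: JavaScript posing as a font */})();')
        with open(os.path.join(fonts, 'real.woff2'), 'wb') as f:
            f.write(b'wOF2' + b'\x00' * 40)   # constructed: only the signature matters
        return scan_tree(root)


if __name__ == '__main__':
    for finding in demo():
        print(finding)
```

Run it against a checkout or a home directory (`scan_tree(os.path.expanduser('~'))`) rather than only the demo; a `parse_error` finding on a `tasks.json` is itself worth a look, since a file the scanner cannot parse may still be one the editor accepts. The font check only reads the first four bytes, so a payload that prepends a real WOFF2 header would pass it; treat it as a cheap first filter, not proof of cleanliness.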
This incident underscores the need for robust supply chain security measures and close scrutiny of third-party dependencies in development environments, including the editor configuration a package ships with. The payloads demonstrate a clear interest in both immediate data theft (the Python infostealer) and persistent interactive access (the Socket.io backdoor), which is what makes credential rotation, not just package removal, part of the cleanup.