lazarusholic

Contagious Interview: Evolution of VS Code and Cursor Tasks Infection Chains - Part 1

2026-02-25, AbstractSecurity
https://www.abstract.security/blog/contagious-interview-evolution-of-vscode-and-cursor-tasks-infection-chains
#ContagiousInterview #VSCode

Contents

Summary
*Abstract customers already have visibility into the behaviors described in this report.
The ASTRO team has been actively tracking Contagious Interview techniques that abuse task auto-execution in integrated development environments (IDEs) such as Microsoft Visual Studio Code (VSCode) and Cursor to deliver malware. Since our last report on the tasks infection vector, we have observed a number of new malware loaders and payload stagers using short URLs, GitHub Gists, Google Drive, and some interesting custom domains. We have also seen a resurgence of previously reported infection chains and tooling now combined with the IDE tasks vector.
Findings
New Payload Stagers
In the last report, we noted heavy use of Vercel URLs for payload staging referenced directly in tasks.json files, along with a handful of custom domains. While stagers hosted on Vercel continue to be prevalent (though many have been taken down), we …

IoC
