The OpenSourceMalware Show #3
2026-05-07 • Open Source Malware •
https://opensourcemalware.com/blog/opensourcemalware-show-episode03
Lazarus Group's Contagious Interview / TaskJacker activity has shifted part of its persistence chain into Git hooks while still using VS Code `task.json` loaders. The episode says observed variants use concatenated Git commands to create `pre-commit` and `post-checkout` hooks, hiding payload URLs outside the task file that researchers commonly inspect. The `post-checkout` hook is especially useful against developers because it can run whenever a branch is checked out in VS Code-based environments such as Cursor or Windsurf.
Related Actors
Related Reports
Shares tags: Podcast, ContagiousInterview, Lazarus • Same author: Open Source Malware • Published within a month
2026-05-14 •
82% Match
#NPM
#ContagiousInterview
#BeaverTail
#InvisibleFerret
#Lazarus
#VSCode
#Axios
#TasksJacker
Shares tags: ContagiousInterview, Lazarus, VSCode • Same author: Open Source Malware • Published within a week
Shares tags: ContagiousInterview, Lazarus, TasksJacker • Same author: Open Source Malware • Published within a week
Shares tags: ContagiousInterview, Lazarus, TasksJacker • Same author: Open Source Malware
Shares tags: ContagiousInterview, Lazarus, VSCode • Same author: Open Source Malware
Shares tag: ContagiousInterview • Same author: Open Source Malware • Published within a month