The OpenSourceMalware Show #3

2026-05-07 Open Source Malware

https://opensourcemalware.com/blog/opensourcemalware-show-episode03


Lazarus Group's Contagious Interview / TaskJacker activity has shifted part of its persistence chain into Git hooks while still using VS Code `task.json` loaders. The episode says observed variants use concatenated Git commands to create `pre-commit` and `post-checkout` hooks, hiding payload URLs outside the task file that researchers commonly inspect. The `post-checkout` hook is especially useful against developers because it can run whenever a branch is checked out in VS Code-based environments such as Cursor or Windsurf.
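A defender-side check for the pattern described above, as an added example that is not from the episode or the OpenSourceMalware project: it lists active `pre-commit` and `post-checkout` hooks together with any URLs they contain, and flags VS Code task files whose text references the hooks directory. The function names, the match patterns and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

HOOKS = ("pre-commit", "post-checkout")  # the two hook names the episode mentions
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Assumption: task text naming the hooks directory, core.hooksPath or one of
# the hook names deserves manual review. Raw-text match, since tasks.json may
# contain comments that a strict JSON parser rejects.
TASK_RE = re.compile(r"\.git[/\\]+hooks|core\.hookspath|" + "|".join(HOOKS), re.I)

def audit_repo(repo):
    """Return (kind, relative_path, detail) findings for one working tree."""
    repo, findings = Path(repo), []
    for name in HOOKS:
        hook = repo / ".git" / "hooks" / name  # *.sample files are never run by Git
        if hook.is_file():
            urls = URL_RE.findall(hook.read_text(errors="replace"))
            findings.append(("active-hook", hook.relative_to(repo).as_posix(), urls))
    cfg = repo / ".git" / "config"
    if cfg.is_file() and re.search(r"hookspath", cfg.read_text(errors="replace"), re.I):
        # core.hooksPath moves hooks out of .git/hooks; inspect that directory too
        findings.append(("hookspath-set", ".git/config", []))
    for task in sorted(repo.glob(".vscode/task*.json")):  # task.json / tasks.json
        hits = sorted({m.group(0) for m in TASK_RE.finditer(task.read_text(errors="replace"))})
        if hits:
            findings.append(("task-touches-hooks", task.relative_to(repo).as_posix(), hits))
    return findings

def build_constructed_sample(root):
    """Constructed sample tree; the URL and the task command are placeholders."""
    root = Path(root)
    (root / ".git" / "hooks").mkdir(parents=True)
    (root / ".vscode").mkdir()
    (root / ".git" / "hooks" / "post-checkout").write_text(
        "#!/bin/sh\n# placeholder body referencing https://example.invalid/placeholder\n")
    (root / ".git" / "hooks" / "pre-commit.sample").write_text("#!/bin/sh\n")
    (root / ".vscode" / "tasks.json").write_text(
        '{"tasks": [{"label": "build", "command": "<placeholder> .git/hooks/post-checkout"}]}\n')
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_repo(build_constructed_sample(tmp)):
            print(finding)
```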
