Hijacked npm and Go Packages Use VS Code Tasks and Blockchain C2
18 compromised packages hide execution in VS Code folder-open tasks, fetch encrypted payloads from blockchain transactions, and deploy Python infostealers.
Security researchers at JFrog disclosed a supply chain attack affecting 18 packages across npm and Go ecosystems that uses a combination of techniques designed to evade detection: malicious VS Code tasks that execute on folder open, blockchain infrastructure as a dead drop resolver, and a multi-platform Python infostealer as the final payload. The findings were published June 29 after the affected packages were removed from their respective registries.
The attack represents an evolution in supply chain tradecraft. Rather than relying on npm lifecycle scripts—which security tools now monitor closely—the attackers embedded execution in VS Code workspace configurations. And instead of traditional C2 servers that can be taken down, they used blockchain transaction data to deliver encrypted payloads.
The Initial Vector: VS Code Workspace Tasks
The two npm packages identified—html-to-gutenberg version 4.2.11 and fetch-page-assets version 1.2.9—were uploaded May 25, 2026 and have since been removed.
Both packages contained a hidden VS Code task named eslint-check configured with runOn: folderOpen. When a developer opens the project folder as a workspace in VS Code or Cursor, the task executes automatically. No user interaction is required beyond opening the folder.
This bypasses traditional supply chain defenses focused on preinstall, postinstall, and similar npm lifecycle hooks. The malicious code doesn't run during npm install—it runs later, when the developer opens the project in their editor.
The technique builds on themes we've seen in other recent supply chain attacks. Just days ago, Mozilla's 0-day challenge demonstrated how AI coding agents could be tricked into running malicious code from seemingly clean repositories. Attackers are finding new ways to trigger execution outside the monitored paths.
Blockchain Dead Drop Resolution
The task executes JavaScript disguised as a font file (public/fonts/fa-solid-400.woff2). This JavaScript uses blockchain infrastructure as a dead drop resolver—a clever approach to resilience.
The payload queries TronGrid and falls back to Aptos to retrieve encrypted JavaScript from blockchain transaction data. Because blockchain transactions are immutable and distributed, this C2 mechanism can't be disrupted through traditional takedown efforts. The attacker-controlled payload lives on-chain indefinitely.
The next-stage JavaScript establishes a Socket.io backdoor and configures command-and-control communications. This grants the attacker remote shell execution, clipboard harvesting, and file operations on the compromised machine.
The Python Infostealer
The final payload is a Python-based infostealer with cross-platform support for Windows, Linux, and macOS. Its collection targets are comprehensive:
Browsers and Authentication:
- Chromium-based browsers (Chrome, Edge, Brave, etc.)
- Firefox
- Password managers and authenticators
Development Credentials:
- Git credentials and GitHub CLI tokens
- SSH keys and authorized_keys
- VS Code global storage
- Cloud provider credentials (AWS, Azure, Google Cloud)
Financial Targets:
- Cryptocurrency wallets and seed phrases
- Cloud storage metadata (Dropbox, Google Drive, OneDrive, iCloud, Box, Mega, pCloud)
System Access:
- Windows Credential Manager
- Linux Secret Service
- KDE Wallet
- macOS Keychain
Exfiltration happens via compressed ZIP archives uploaded to the C2 server, with optional Telegram bot delivery if a token is provided.
16 Additional Go Packages
Following JFrog's initial disclosure, Nextron Research identified 16 Go packages containing the same malware. The full list includes:
- github.com/lambda-platform/lambda
- github.com/reauheau/goaubio
- github.com/glacialspring/go-winsparkle
- github.com/bm-197/chill
- github.com/naol7/dist-task-scheduler
- github.com/anatoli-derese/a2sv-excercise
- github.com/amantsehay/a2sv-go-course
- github.com/dexbotsdev/uniswap-v2-v3-arbitrage
- github.com/lambda-platform/ebarimt-rest-api
- github.com/lambda-platform/dan
- github.com/zainirfan13/graphql-client
- github.com/hngi/team-fierce-backend-golang
- github.com/glacialspring/static
- github.com/rickt/slack-weather-bot
- github.com/Barsu5489/commerce
- github.com/Setsu548/Logistic
Organizations should audit their Go dependencies for these packages and treat any matches as compromise indicators.
Attribution
JFrog notes that tactics align with the "Fake Font" campaign, linked to the "Contagious Interview" operation targeting developers since 2023. The threat actors appear to be financially motivated based on the infostealer's targets, and explicit geofencing excludes machines in CIS countries or configured for Russian language—a common pattern in Eastern European cybercrime.
Detection and Remediation
For organizations potentially affected:
- Search for VS Code folder-open tasks: Audit .vscode/tasks.json files in all dependencies for suspicious runOn: folderOpen configurations
- Check for blockchain communication: Monitor network traffic for TronGrid and Aptos API calls from development machines
- Rotate credentials: If any affected packages were used, assume credential theft and rotate browser-stored passwords, API keys, cloud credentials, SSH keys, and wallet recovery phrases
- Audit dependencies: Remove the identified npm and Go packages from all projects
The VS Code task execution vector is particularly concerning because it survives across npm clean-install operations and doesn't appear in typical dependency audit tools. Security teams should consider monitoring .vscode directories in dependencies as part of supply chain hygiene.
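The following scanner is an added example, not code from the article or from JFrog, that implements the tasks.json audit described above and illustrates the folder-open trigger from the earlier section. It walks a checkout or node_modules tree, tolerates the comments and trailing commas VS Code accepts in tasks.json, and reports every task whose runOptions.runOn is folderOpen; the embedded sample tasks.json is constructed for the demonstration (the command string is an assumption shaped after the font-file path the article names).

```python
import json
import re
from pathlib import Path

# Constructed sample (not taken from the packages): a tasks.json of the shape
# the article describes, with a comment and trailing commas as VS Code allows.
SAMPLE_TASKS_JSON = """{
  // lint on open
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "npm run build"},
    {
      "label": "eslint-check",
      "type": "shell",
      "command": "node public/fonts/fa-solid-400.woff2",
      "presentation": {"reveal": "never"},
      "runOptions": {"runOn": "folderOpen"},
    },
  ]
}"""

def strip_jsonc(text):
    """Remove // and /* */ comments (outside strings) and trailing commas."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:   # keep the escaped char verbatim
                out.append(text[i + 1]); i += 2; continue
            in_str = c != '"'
        elif c == '"':
            in_str = True; out.append(c)
        elif text.startswith("//", i):
            j = text.find("\n", i); i = n if j < 0 else j; continue
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2); i = n if j < 0 else j + 2; continue
        else:
            out.append(c)
        i += 1
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))

def find_folder_open_tasks(tasks_json_text, source="<inline>"):
    """Return tasks VS Code would start automatically when the folder is opened.
    Note: per-platform blocks (windows/linux/osx) may override 'command', so
    review the whole task object for any hit, not just the reported command."""
    data = json.loads(strip_jsonc(tasks_json_text))
    return [{"file": source, "label": t.get("label"), "command": t.get("command"),
             "dependsOn": t.get("dependsOn")}
            for t in data.get("tasks", [])
            if (t.get("runOptions") or {}).get("runOn") == "folderOpen"]

def scan_tree(root):
    """Collect folderOpen tasks from every .vscode/tasks.json under root."""
    hits = []
    for path in Path(root).rglob(".vscode/tasks.json"):
        try:
            hits += find_folder_open_tasks(path.read_text(encoding="utf-8"), str(path))
        except (OSError, ValueError) as exc:  # unreadable/unparseable: still inspect by hand
            hits.append({"file": str(path), "label": None, "command": f"PARSE ERROR: {exc}", "dependsOn": None})
    return hits

if __name__ == "__main__":
    for hit in find_folder_open_tasks(SAMPLE_TASKS_JSON):
        print(hit)
```

Run scan_tree against a project root or a vendored module cache to cover dependencies that a lockfile-only audit would not surface.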