Key Findings North Korean threat actors tracked as WaterPlum are distributing StoatWaffle malware through malicious VS Code projects using the "tasks.json" auto-run feature The malware automatically executes when any file in a project folder is opened, with downloads occurring regardless of operating system StoatWaffle includes a credential stealer targeting browsers and a remote access trojan for command execution Attackers are targeting senior engineers, CTOs, and founders
