WaterPlum's StoatWaffle Malware Targets VSCode Users

WaterPlum's StoatWaffle Malware Targets VSCode Users

First seen 19 Mar 2026, 08:12 UTC GbhackersCybersecuritynewsCsoonlineI-Programmer.Info 86% similarity 57.0

Article Content

Browse articles
ThreatCluster

The North Korea-linked hacking group WaterPlum has launched a new malware strain called StoatWaffle, targeting developers through compromised Visual Studio Code (VSCode) repositories. This malware is part of an ongoing campaign named 'Contagious Interview,' which lures victims with fake job offers. The attack vector involves disguising the malware as legitimate blockchain development projects, allowing it to infiltrate developer machines without detection. The specific scope of the impact remains unclear, but the campaign has been linked to a subgroup known as Team 8, previously associated with the OtterCookie malware. As of now, there are no reported CVEs or specific numbers of affected systems. Security professionals are urged to remain vigilant and monitor for signs of compromise.

Key Points: • WaterPlum has deployed StoatWaffle malware via compromised VSCode repositories. • The attack is part of the 'Contagious Interview' campaign targeting developers. • Team 8, a subgroup of WaterPlum, is linked to previous malware strains like OtterCookie.

ThreatCluster AI

Timeline

2026-03-19
WaterPlum announces StoatWaffle malware deployment.
2026-03-19
Articles published detailing the malware and its attack method.

Community

Browse all →