
Hijacked npm and Go packages weaponise VS Code's `folderOpen` task autorun to drop a credential-stealing Python implant

From CTI Daily Brief — 2026-06-30 · published 2026-06-30

JFrog Security Research disclosed two compromised npm packages (html-to-gutenberg v4.2.11, fetch-page-assets v1.2.9, uploaded 2026-05-25) plus 16 malicious Go packages carrying an identical chain (JFrog Security Research, 2026-06-24 · The Hacker News, 2026-06-29). A hidden eslint-check task in .vscode/tasks.json is configured with runOn: "folderOpen", so opening the project as a trusted workspace in VS Code or Cursor auto-executes the payload — deliberately sidestepping npm v12's lifecycle-script hardening that blocked preinstall/postinstall scripts by default. The payload (disguised as a fa-solid-400.woff2 font) pulls AES-encrypted stages from blockchain transaction data via TronGrid and Aptos APIs (a takedown-resilient dead-drop), then runs a cross-platform Python infostealer targeting browser stores, password managers, crypto wallets, and cloud-provider configs (AWS/Azure/GCP). Mapped to T1195.001, T1059.006, T1020.

Why it matters to us: Detection teams that added EDR coverage for node.exe → python chains under npm install will miss this — the parent is code.exe → python triggered by opening a folder. Add a CI/CD repository-scan rule for .vscode/tasks.json containing runOn: "folderOpen", and treat dependency-shipped .vscode/ directories as untrusted; enforce VS Code Workspace Trust so untrusted folders cannot auto-run tasks.
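The repository-scan rule above, as an added example (not JFrog's tooling or VS Code's code): a small Python scanner that parses every .vscode/tasks.json in a checkout, handles the comments and trailing commas VS Code allows in that file, and reports any task whose runOptions.runOn is "folderOpen", flagging separately those that arrived inside node_modules/ or vendor/. The tasks.json sample is constructed for the test and only models the shape described in the brief; the "hide" field is VS Code's property for keeping a task out of the Run Task picker, which is how such a task stays out of sight.

```python
"""Flag VS Code tasks that auto-run on folder open (added example, not the
brief's or JFrog's code). SAMPLE_TASKS_JSON is constructed for illustration."""
import json
import os
import re
import tempfile
from pathlib import Path


def strip_jsonc(text: str) -> str:
    """Drop // and /* */ comments plus trailing commas so the stdlib json module
    can parse VS Code's JSON-with-comments tasks.json. Comment markers inside
    string literals are kept; the trailing-comma regex is deliberately simple."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        ch = text[i]
        if in_str:
            out.append(ch)
            if ch == "\\" and i + 1 < n:   # keep escaped char, e.g. \"
                out.append(text[i + 1]); i += 2; continue
            in_str = ch != '"'
            i += 1
        elif ch == '"':
            in_str = True; out.append(ch); i += 1
        elif text.startswith("//", i):
            j = text.find("\n", i); i = n if j == -1 else j
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2); i = n if j == -1 else j + 2
        else:
            out.append(ch); i += 1
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))


def folder_open_tasks(tasks_json_text: str) -> list[dict]:
    """Return every task whose runOptions.runOn == "folderOpen"."""
    data = json.loads(strip_jsonc(tasks_json_text))
    hits = []
    for task in data.get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            hits.append({
                "label": task.get("label", "<unlabelled>"),
                "command": task.get("command"),
                "args": task.get("args", []),
                "hidden": bool(task.get("hide", False)),
            })
    return hits


def scan_repo(root: Path) -> list[dict]:
    """Walk a checkout; report folderOpen tasks in each .vscode/tasks.json and
    mark those shipped inside dependency directories (node_modules/, vendor/)."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != ".vscode" or "tasks.json" not in files:
            continue
        path = Path(dirpath) / "tasks.json"
        rel = path.relative_to(root)
        dep_shipped = any(p in ("node_modules", "vendor") for p in rel.parts)
        try:
            hits = folder_open_tasks(path.read_text(encoding="utf-8"))
        except (ValueError, OSError) as exc:   # unparsable file is itself a finding
            report.append({"path": str(rel), "error": str(exc)}); continue
        for h in hits:
            h.update(path=str(rel), dependency_shipped=dep_shipped)
            report.append(h)
    return report


# Constructed sample: a benign task plus a hidden one wired to folderOpen.
SAMPLE_TASKS_JSON = r'''{
  // constructed sample, not the real artefact
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "npm", "script": "build", },
    {
      "label": "eslint-check", "type": "shell",
      "command": "node", "args": ["loader.js"],
      "hide": true,
      "presentation": { "reveal": "never" },
      "runOptions": { "runOn": "folderOpen" }
    }
  ]
}'''


def demo_scan() -> list[dict]:
    """Build a throwaway checkout with the sample under node_modules/ and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        dep = Path(tmp) / "node_modules" / "some-dep" / ".vscode"
        dep.mkdir(parents=True)
        (dep / "tasks.json").write_text(SAMPLE_TASKS_JSON, encoding="utf-8")
        return scan_repo(Path(tmp))


if __name__ == "__main__":
    for finding in demo_scan():
        print(finding)
```

Run it in CI against the checkout root (including installed dependencies) and fail the pipeline on any finding with dependency_shipped set; a folderOpen task in a project's own .vscode/ should at least require a code-review exception.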