https://www.s0ld13r.kz/tags/claude/Recent content in Claude on s0ld13r's blogHugo -- 0.147.0en-usThu, 16 Apr 2026 14:52:15 +0500https://www.s0ld13r.kz/posts/claude-code-backdoor/Thu, 16 Apr 2026 14:52:15 +0500https://www.s0ld13r.kz/posts/claude-code-backdoor/<blockquote> <p><strong>DISCLAIMER:</strong> This article is intended strictly for educational and research purposes. The techniques, tools, and concepts discussed here are designed to enhance understanding of adversary tactics, improve defensive capabilities, and support authorized Red Team assessments. Any unauthorized or malicious use of the information provided is strongly condemned and may be illegal.</p></blockquote> <h2 id="intro">Intro</h2> <p><img alt="Malicious VSCode Task" loading="lazy" src="https://www.s0ld13r.kz/vscode_task_lazarus.jpg"></p> <p>Do you remember the <a href="https://github.com/SaadAhla/VSCode-Backdoor">VSCode task backdoor</a> ? The core idea was simple: you can&rsquo;t blindly trust projects you open in your editor. An attacker could embed a surprise in <code>.vscode/tasks.json</code>, and the moment you trusted the workspace, a loader would silently fire in the background and your machine will be compromised. This technique was weaponized by DPRK affilated <a href="https://radar.securityalliance.org/vs-code-tasks-abuse-by-contagious-interview-dprk/">Lazarus group</a> in their campaigns against IT companies.</p>