Unraveling the Sophisticated Attack Leveraging VS Code for Unauthorized Access

Released on 2024-10-01 @ 07:30:15 PM

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence through a scheduled task and leverages VS Code to create a remote tunnel, giving the attacker unauthorized access to the victim's machine. The attacker can then interact with the system, access files, and perform additional malicious activities. This method mirrors tactics used by the Chinese APT group Stately Taurus in cyber espionage campaigns. The attack demonstrates the growing sophistication of threat actors in using legitimate tools to bypass detection measures.