TasksJacker: Latest DPRK Attack Skips the Fake Interview and Goes Straight to Compromising GitHub Users

2026-03-31 OSM

https://opensourcemalware.com/blog/tasksjacker-blog-post


OpenSourceMalware identifies TasksJacker as an active DPRK-linked supply-chain campaign that compromises GitHub repositories by adding malicious .vscode/tasks.json files configured to run when a developer opens the folder in VS Code. The campaign affected more than 400 repositories, including DataStax projects, and used force-push history rewriting to make injected files appear as older legitimate maintainer commits. Its payload chain downloads a self-deleting dropper, retrieves encrypted references through TRON and Aptos APIs, fetches payload material from Binance Smart Chain transactions, and executes infostealer and backdoor components targeting browser credentials, cryptocurrency wallets, SSH keys, AWS credentials, environment variables, and Git tokens. The activity matters for DPRK tracking because it moves beyond fake-interview lures into direct open-source ecosystem compromise, with resilient blockchain-based C2 and follow-on evolution into PolinRider-style upstream injection activity.

Indicators of Compromise

