North Korean threat actors are hiding multi-stage malware droppers in VSCode configuration files, disguised as spell-check dictionaries, to compromise developers through fake job interviews and establish persistent backdoors with remote code execution capabilities.