Crypto-Stealing Code: The Hilarious Misadventures of TigerJack Targeting VSCode Extensions

TigerJack is prowling the VSCode marketplace, cleverly disguising malicious extensions as legitimate tools. With names like C++ Playground and HTTP Format, these sneaky extensions steal code, mine crypto, and even open backdoors. Remember, if an extension seems too good to be true, it might just be a Tiger in disguise!

3P
Published: October 14, 2025 9:44 pmAdded: October 14, 2025 at 3:08 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like TigerJack is trying to claw its way into the developers’ cryptocurrency stash while also slipping in some sneaky backdoors! Perhaps it’s time to declaw these malicious extensions and send them to the litter box where they belong.

Key Points:

  • TigerJack targets developers with malicious extensions on Microsoft’s VSCode marketplace and OpenVSX registry.
  • Removed extensions with 17,000 downloads are still present on OpenVSX; TigerJack republishes them under new names.
  • OpenVSX serves as an alternative, community-maintained marketplace.
  • Malicious extensions exfiltrate code, mine cryptocurrency, and enable arbitrary code execution.
  • Koi Security researchers identified TigerJack’s multi-account operation.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?