Cryptocurrency Coders Under Siege: Malicious VSCode Extensions Strike Again!
Malicious Visual Studio Code extensions were found downloading obfuscated PowerShell payloads, targeting developers and cryptocurrency projects in sneaky supply chain attacks. These extensions, with names like Zoom and Solidity, lure victims with fake reviews and inflated installation numbers. Beware of the shady plugins and always validate code safety before downloading.

Hot Take:
When you thought your biggest problem was debugging code, surprise! Now you have to play Sherlock Holmes to find out if your VSCode extensions are plotting world domination with your crypto wallet. Who knew your favorite IDE could be the villain in your developer story?

Key Points:
- Malicious VSCode extensions target developers and cryptocurrency projects in supply chain attacks.
- Extensions download obfuscated PowerShell payloads to execute further attacks.
- Campaign includes 18 malicious extensions, such as “EVM.Blockchain-Toolkit” and “Ethereum.SoliditySupport.”
- Fake reviews and inflated installation numbers were used to create a facade of legitimacy.
- Secondary payloads involve heavily obfuscated Windows CMD files launching hidden PowerShell commands.
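
An added example, not code from the original report: a defender-side audit that walks a VS Code extensions folder, flags the two extension names listed above, and flags extension JavaScript that launches PowerShell hidden or with an encoded command. Treating those names as `publisher.name` IDs, the regex heuristic, and the `acme.*` sample extensions are assumptions constructed for illustration.

```python
import json, re, tempfile
from pathlib import Path

# Extension names listed on this page, compared case-insensitively.
# Assumption: they are marketplace IDs in publisher.name form.
BLOCKLIST = {"evm.blockchain-toolkit", "ethereum.soliditysupport"}
# Heuristic (an assumption, not from the report): extension code that starts
# PowerShell hidden or with an encoded command deserves manual review.
SUSPICIOUS = re.compile(
    r"powershell(\.exe)?\b[^\n]*(-w(indowstyle)?\s+hidden|-e(nc(odedcommand)?)?\s)",
    re.IGNORECASE)

def audit_extensions(ext_dir):
    """Return (extension_id, reason) findings for the extensions under ext_dir."""
    findings = []
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            findings.append((manifest.parent.name, "unreadable manifest"))
            continue
        ext_id = f"{meta.get('publisher', '?')}.{meta.get('name', '?')}"
        if ext_id.lower() in BLOCKLIST:
            findings.append((ext_id, "blocklisted id"))
        for src in manifest.parent.rglob("*.js"):
            if SUSPICIOUS.search(src.read_text(encoding="utf-8", errors="ignore")):
                findings.append((ext_id, f"hidden/encoded PowerShell in {src.name}"))
    return findings

def build_constructed_sample(root):
    """Constructed sample: one blocklisted ID, one PowerShell launcher, one clean."""
    samples = {
        "ethereum.soliditysupport-1.0.0": ("Ethereum", "SoliditySupport", "// empty"),
        "acme.helper-0.1.0": ("acme", "helper",
            'exec("powershell -WindowStyle Hidden -Command <placeholder>");'),
        "acme.theme-2.0.0": ("acme", "theme", "console.log('theme loaded');"),
    }
    for folder, (publisher, name, js) in samples.items():
        d = Path(root) / folder
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps({"publisher": publisher, "name": name}))
        (d / "extension.js").write_text(js)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)  # real use: Path.home() / ".vscode" / "extensions"
        for ext_id, reason in audit_extensions(tmp):
            print(f"{ext_id}: {reason}")
```

A hit from the PowerShell heuristic is a prompt for manual review, not proof of compromise, since some legitimate extensions also shell out.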