Malicious VS Code Extensions Alert: Protect Your Data from Sneaky Infostealers!

Cybersecurity researchers have unearthed two sneaky Visual Studio Code extensions, Bitcoin Black and Codo AI. Disguised as a crypto theme and coding assistant, these extensions secretly pilfer data like WiFi passwords. Who knew a coding assistant could moonlight as a data thief?

3P
Published: December 9, 2025 4:53 pmAdded: December 9, 2025 at 9:17 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Who knew that coding could be this dangerously stylish and “helpful”? Meet Bitcoin Black and Codo AI, the Bonnie and Clyde of the Visual Studio Code marketplace, stealing your data with the elegance of a color scheme and the charm of an AI assistant!

Key Points:

  • Two malicious VS Code extensions, Bitcoin Black and Codo AI, were discovered stealing data.
  • Bitcoin Black posed as a cryptocurrency-themed color scheme, while Codo AI functioned as a coding assistant.
  • Both extensions executed hidden scripts for data theft using a DLL-based infostealer.
  • The malware used DLL hijacking to run under trusted binaries like Lightshot.
  • Codo AI remains available on the VS Code marketplace, posing ongoing risks.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?