Malicious VSCode Extensions: How Codo AI and Bitcoin Black Steal Your Data and Crypto!

Beware, developers! Two malicious VS Code extensions, Bitcoin Black and Codo AI, are causing chaos by stealing your secrets and hijacking your sessions. Disguised as a harmless theme and AI assistant, they’re part of a cunning plan to swipe credentials and crypto wallets. Always double-check before installing extensions; your data may depend on it!

Hot Take:

Who’s ever heard of a color theme that wants to play with PowerShell? That’s like asking your wallpaper to fix your plumbing—if only Bitcoin Black was as harmless as it sounds. And as for Codo AI, it’s certainly not the kind of AI assistant you want helping with anything other than making your machine a malware hotspot. If you thought your code had bugs before, these extensions are ready to take those bugs to the next level!

Key Points:

  • Two malicious VSCode extensions, Bitcoin Black and Codo AI, have been identified on Microsoft’s Visual Studio Code Marketplace.
  • The extensions masqueraded as a color theme and an AI assistant, respectively, with suspicious behaviors like executing PowerShell code.
  • These extensions deploy malware capable of stealing credentials, taking screenshots, and hijacking browser sessions.
  • The malware uses a DLL hijacking technique to disguise itself and steal sensitive information.
  • Developers are advised to install extensions from reputable publishers to avoid such risks.

Code of Conduct: Malware Edition

In the latest episode of “When Extensions Attack,” two new uninvited guests have crashed the Visual Studio Code Marketplace party. Masquerading as an innocent color theme and an AI assistant, Bitcoin Black and Codo AI are here to turn your development environment into a malware minefield. Forget about color coding your variables; these extensions are more interested in coding chaos into your life. With only a few installs so far, these extensions are the party-crashers you’d never want to RSVP to!

PowerShell Shenanigans

Bitcoin Black, the extension that sounds like it should be offering you a discount on cryptocurrency, instead offers you a front-row seat to a PowerShell circus. It slyly activates during VSCode actions, running PowerShell scripts like it’s auditioning for a magician’s assistant role. But wait, there’s more! Newer versions have upgraded from obvious PowerShell windows to covert batch scripts, downloading dreaded DLL files behind the scenes. Who knew a color theme could be so ambitious?

AI with a Hidden Agenda

Meanwhile, Codo AI is busy pretending to be your friendly neighborhood code assistant while secretly plotting world domination—or at least your browser sessions. With code assistance powered by ChatGPT or DeepSeek, it’s like having an AI buddy who’s also a kleptomaniac. It delivers a legitimate screenshot tool paired with a nasty surprise: a malicious DLL file. Talk about a two-faced friend! It’s no wonder VirusTotal is giving it side-eye with 29 antivirus engines raising the alarm.

Sticky Fingers and Shady Business

Once on your machine, the malware makes itself at home in the ‘%APPDATA%\Local’ directory, creating its own little den called Evelyn. But instead of hanging out with Evelyn, all it wants to do is steal your WiFi credentials, clipboard content, and even your cryptocurrency wallets. It’s like having a roommate who rummages through your stuff when you’re not looking. And if that wasn’t enough, it hijacks your browser sessions to steal cookies too. Who knew cookies could be so dangerous?

Dodging the Malware Bullet

With these extensions lurking in the marketplace, developers need to channel their inner Sherlock Holmes and scrutinize every new addition to their toolkit. Install only from reputable publishers and always keep an eye out for suspicious activities. Because the last thing you want is a rogue extension turning your development environment into a real-life episode of “CSI: Malware Edition.” And remember, if your code starts acting like it has a mind of its own, it might just be time to hit that uninstall button!
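One way to do that scrutiny for the "color theme that runs PowerShell" case described above, as an added example that is not code from the original article or from either extension: a pure theme only contributes JSON, so a theme manifest that also declares an entry point or activation events deserves a closer look. The function name, finding labels and sample manifests are hypothetical and constructed for illustration.

```javascript
// Added example: flag VS Code extension manifests (package.json) that carry
// executable code a pure theme has no need for. Sample data is constructed.
const DECLARATIVE = new Set(["themes", "iconThemes", "productIconThemes"]);
const PROCESS_HINTS = [/child_process/, /powershell/i, /\.(bat|cmd)\b/i];

// manifest: parsed package.json; entrySource: text of the file named by "main".
function auditExtension(manifest, entrySource = "") {
  const findings = [];
  const kinds = Object.keys(manifest.contributes || {});
  const themeOnly = kinds.length > 0 && kinds.every((k) => DECLARATIVE.has(k));
  const events = manifest.activationEvents || [];

  if (themeOnly && (manifest.main || manifest.browser)) {
    findings.push("theme-declares-entry-point");
  }
  if (themeOnly && events.length > 0) {
    findings.push("theme-declares-activation-events");
  }
  if (PROCESS_HINTS.some((re) => re.test(entrySource))) {
    findings.push("entry-source-references-process-launch");
  }
  return findings;
}

// Constructed samples, not taken from the real extensions.
const cleanTheme = {
  name: "sample-dark-theme",
  contributes: { themes: [{ label: "Sample Dark", path: "./themes/dark.json" }] },
};
const suspectTheme = {
  name: "sample-suspect-theme",
  main: "./extension.js",
  activationEvents: ["*"],
  contributes: { themes: [{ label: "Suspect", path: "./themes/dark.json" }] },
};
const suspectSource = "const cp = require('child_process'); cp.exec('powershell ...');";

console.log(auditExtension(cleanTheme)); // no findings
console.log(auditExtension(suspectTheme, suspectSource)); // three findings
```

To audit a real install, parse each package.json under the default extension directory (~/.vscode/extensions) and pass it in together with the text of its entry file; a finding is a prompt for manual review, not proof of malice.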

In conclusion, while extensions can be a developer’s best friend, these two are more like frenemies. With their sneaky tactics and malicious intent, Bitcoin Black and Codo AI are not the kind of sidekicks you want on your coding adventures. So keep your guard up, and may your code be as secure as your passwords!

The Nimble Nerd