SleepyDuck Strikes: Malicious Extension in Open VSX Dupes 53,000 Developers!
SleepyDuck, a mischievous remote access trojan, disguises itself as a popular Solidity extension on Open VSX. Using an Ethereum smart contract, it remains active even if its main server is taken down. With over 53,000 downloads, this crafty malware highlights the importance of vigilance when downloading extensions from open-source registries.

Hot Take:
Who knew that when Ethereum meets VS Code extensions, it’s not just about coding smart contracts but also about sneaky malware contracts? SleepyDuck is here to remind us that the blockchain isn’t just a playground for crypto enthusiasts but also a new hangout spot for cybercriminals. Just when you thought you were downloading a helpful coding tool, surprise! You’ve got a duck that never sleeps. Can we get a round of applause for the hackers who turned a coding extension into a Trojan horse? Bravo, but seriously, stop it.

Key Points:
- SleepyDuck masquerades as a Solidity extension in the Open VSX registry, popular among AI-powered IDEs.
- The extension was harmless at first but turned malicious in an update released after it had reached 14,000 downloads.
- Uses Ethereum smart contracts for command-and-control, ensuring longevity even if primary servers go down.
- Activates during editor startup and uses fake functions to appear legitimate.
- Open VSX is ramping up security measures to combat such threats with automated scans and quick credential revocations.
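
A defender-side check for the startup-activation point above, as an added example (not code from the article or from Open VSX): it lists installed extensions whose manifest declares a startup activation event (`*` or `onStartupFinished`), with publisher and version, so each can be compared against what you expected to install. The extension folder is passed in because its location differs per editor; the function name and finding fields are this example's own.

```python
import json
import sys
from pathlib import Path

# VS Code activation events that load an extension at editor startup,
# before the user opens any file the extension claims to support.
STARTUP_EVENTS = {"*", "onStartupFinished"}


def audit_extensions(ext_dir):
    """Return one finding per extension under ext_dir that activates at startup.

    ext_dir holds one subfolder per installed extension, each with a
    package.json manifest. Unreadable manifests are reported, not skipped.
    """
    findings = []
    for manifest_path in sorted(Path(ext_dir).glob("*/package.json")):
        folder = manifest_path.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            findings.append({"folder": folder, "id": None, "version": None,
                             "startup_events": [], "error": "unreadable manifest"})
            continue
        events = manifest.get("activationEvents")
        if not isinstance(events, list):
            events = []
        hits = sorted({e for e in events if isinstance(e, str) and e in STARTUP_EVENTS})
        if hits:
            findings.append({
                "folder": folder,
                # Extension id as shown by registries: publisher.name
                "id": f"{manifest.get('publisher')}.{manifest.get('name')}",
                "version": manifest.get("version"),
                "startup_events": hits,
                "error": None,
            })
    return findings


if __name__ == "__main__":
    # Usage: python audit_extensions.py <path-to-extensions-folder>
    for f in audit_extensions(sys.argv[1]):
        print(json.dumps(f))
```

Startup activation is also used by legitimate extensions, so the output is a review list rather than a verdict.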
