VS Code’s Malicious Extensions: When Developers Get ‘Rich’ with Cryptojacking

A mysterious threat actor is turning Visual Studio Code into a secret mine with a fake VS Code extension campaign. With over 300,000 installations, these sneaky extensions are cryptojacking their way into devices, making users unwitting miners in a sophisticated cryptomining operation. It’s the digital gold rush nobody asked for!

3P
Published: April 7, 2025 3:08 pmAdded: April 7, 2025 at 8:27 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Move over, traditional malware! There’s a new sheriff in town, and it’s riding in on the back of your favorite Visual Studio Code extension. Call me old-fashioned, but when did coding start to include hidden treasure hunts for cryptocurrency? It’s like finding out your grandma’s secret cookie recipe was actually a blueprint for a bank heist. Go ahead, install that “Discord Rich Presence” extension—if you want your computer to become a digital gold mine for someone else!

Key Points:

  • Cryptojacking campaign targets Visual Studio Code extensions.
  • Over 300,000 installations in three days, with “Discord Rich Presence” leading the pack.
  • Extensions download a PowerShell script that deploys XMRig cryptominer.
  • Install counts may be artificially inflated to appear legitimate.
  • Extensions disable Windows security features to mine cryptocurrency.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?