VSCode Extensions Gone Rogue: Ransomware Sneaks in Through ShibaCoin Demands!

Cybersecurity researchers have discovered two malicious Visual Studio Code extensions designed to deploy early-stage ransomware. Named “ahban.shiba” and “ahban.cychelloworld,” these extensions encrypt files in a folder called “testShiba.” Victims are humorously asked to pay 1 ShibaCoin to “ShibaWallet,” though no actual wallet address is provided.

Hot Take:

Looks like the VSCode Marketplace got a little too ‘extensive’ with their extensions! Who knew coding could come with a side of ransomware? Just when you thought your worst coding enemy was a syntax error, along comes “ahban.shiba” and “ahban.cychelloworld” to really encrypt your day. But hey, if you really want to test your code-breaking skills, pay 1 ShibaCoin and see if you can decrypt those files!

Key Points:

  • Two malicious VSCode extensions, “ahban.shiba” and “ahban.cychelloworld,” were designed to deploy ransomware.
  • These extensions invoked PowerShell commands to fetch payloads from a command-and-control server.
  • The ransomware is under development, currently encrypting files in a “testShiba” folder.
  • No detailed ransom recovery instructions or wallet addresses were provided to victims.
  • Maven package “scribejava-core” was impersonated to steal OAuth credentials using a time-based trigger.
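
An added example (not from the article or the researchers): a Python audit of the local VS Code extensions folder for the two extension IDs listed above, plus a review heuristic for any extension whose bundled JavaScript mentions PowerShell. The default path and the `publisher.name-version` folder layout are assumptions about a standard per-user install; the heuristic also matches legitimate extensions, so it marks them for review only.

```python
import json
import re
from pathlib import Path

# Extension IDs named in the article, in publisher.name form.
FLAGGED_IDS = {"ahban.shiba", "ahban.cychelloworld"}
# Assumed default per-user install directory; pass another root if yours differs.
DEFAULT_ROOT = Path.home() / ".vscode" / "extensions"
# Fallback when no manifest is readable: folders are <publisher>.<name>-<version>.
DIR_RE = re.compile(r"^([\w-]+\.[\w-]+?)-\d+\.\d+\.\d+")
POWERSHELL_RE = re.compile(rb"powershell", re.IGNORECASE)


def extension_id(ext_dir: Path):
    """Return publisher.name from package.json, else from the folder name."""
    try:
        manifest = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
        return f"{manifest['publisher']}.{manifest['name']}".lower()
    except (OSError, ValueError, KeyError, TypeError):
        match = DIR_RE.match(ext_dir.name)
        return match.group(1).lower() if match else None


def spawns_powershell(ext_dir: Path) -> bool:
    """Heuristic: does any bundled .js file mention PowerShell?"""
    for js in ext_dir.rglob("*.js"):
        try:
            if POWERSHELL_RE.search(js.read_bytes()):
                return True
        except OSError:
            continue  # unreadable file, or a directory named *.js
    return False


def audit(root: Path = DEFAULT_ROOT) -> list:
    """List installed extensions that are flagged or that reference PowerShell."""
    findings = []
    dirs = sorted(p for p in root.iterdir() if p.is_dir()) if root.is_dir() else []
    for ext_dir in dirs:
        ext_id = extension_id(ext_dir)
        flagged = ext_id in FLAGGED_IDS
        if flagged or spawns_powershell(ext_dir):
            findings.append({"id": ext_id, "path": str(ext_dir),
                             "verdict": "remove" if flagged else "review"})
    return findings


if __name__ == "__main__":
    for finding in audit():
        print(f"{finding['verdict']:7} {finding['id']}  {finding['path']}")
```

A "remove" verdict means the folder matches one of the two named IDs; "review" only means the extension's code references PowerShell and deserves a manual look.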

The Nimble Nerd