Malicious Visual Studio Code Extensions Distribute Infostealer Malware
Security researchers have identified two malicious extensions on the Microsoft Visual Studio Code Marketplace, named Bitcoin Black and Codo AI, which were designed to infect developer machines with information-stealing malware. These extensions, published under the developer name 'BigBlack', masqueraded as a premium dark theme and an AI-powered coding assistant, but secretly downloaded additional payloads, took screenshots, and exfiltrated sensitive data such as code, emails, Slack messages, WiFi passwords, clipboard contents, and browser sessions to attacker-controlled servers. Microsoft has since removed these extensions from the marketplace after their discovery, but not before they were downloaded and installed by several users. The malware leveraged PowerShell and batch scripts to download and execute payloads, with later versions hiding execution windows to evade user detection.
Technical analysis revealed that both extensions delivered a legitimate Lightshot screenshot tool alongside a malicious DLL, which was loaded via DLL hijacking to deploy the infostealer under the name runtime.exe. The malicious DLL was detected by multiple antivirus engines and created persistence by establishing directories in the %APPDATA%\Local\ path. The Codo AI extension embedded its malicious code within a functioning tool, making it harder to detect, while Bitcoin Black activated on every VS Code action. The campaign highlights the risks of third-party extensions in developer environments and the need for vigilance when installing tools from public marketplaces.
Sources
Related Stories
Malicious VS Code Extensions Delivering Ransomware and Cryptomining Payloads
Malicious Visual Studio Code extensions have been discovered on the official marketplace, delivering both ransomware and cryptomining malware to unsuspecting users. One extension, identified as `suspublisher18.susvsex`, was found to contain ransomware functionality, including file encryption, exfiltration for extortion, and the use of GitHub as a command and control channel. The extension's package even included the command and control server code and decryption tools, suggesting a lack of sophistication but highlighting the ease with which such threats can bypass marketplace review processes. The ransomware was initially configured to target a test directory, but this could be easily changed in future updates, posing a significant risk to developers. In addition to ransomware, several other malicious VS Code extensions have been used to deploy cryptomining malware, particularly targeting users interested in coding themes and AI capabilities. Extensions published by "DevelopmentInc" masqueraded as legitimate tools, such as a Pokémon-themed syntax highlighter, but instead downloaded and executed Monero cryptominers. These payloads disabled Windows Defender, escalated privileges, and established persistence on infected systems. Although the identified malicious extensions have been removed from the marketplace, security researchers warn that similar threats may reappear, urging developers to remain vigilant when installing third-party extensions.
4 months ago
Malicious VS Code Extensions Delivering Trojan Payloads via Impersonation and Encrypted Loaders
Security researchers reported **malicious Visual Studio Code extensions** being used as a software supply-chain vector to compromise developer workstations. One campaign impersonated a viral AI coding assistant (“**ClawdBot**”) via a fake extension (“ClawdBot Agent”) that appeared legitimate and even functioned as an AI assistant by integrating real APIs (e.g., OpenAI/Anthropic/Google), while **silently dropping malware on Windows at VS Code startup**. The observed payload delivery used camouflage filenames such as `Lightshot.exe` (and references to `Lightshot.dll`) and an Electron-style bundle name `Code.exe`, indicating an effort to blend into common developer tooling and evolve the dropper over time. A separate finding described an **Open VSX** extension masquerading as a popular **Angular Language Service** for VS Code, which bundled legitimate dependencies (e.g., `@angular/language-service` and `typescript`) alongside a **malicious loader** that activates when users open HTML or TypeScript files (`onLanguage:html`, `onLanguage:typescript`). The loader decrypts an embedded payload using **AES-256-CBC** (Node.js `crypto`), with a hardcoded IV and a large hex-encoded ciphertext, then delays and executes the decrypted code—behavior consistent with staged malware delivery and potential worm-like propagation through widely installed editor extensions.
1 months agoMalicious AI-Generated VS Code Extension with Ransomware Capabilities
A malicious Visual Studio Code extension named `susvsex` was discovered on the official VS Code Marketplace, openly advertising its ransomware-like capabilities. The extension, attributed to the publisher 'suspublisher18', was designed to automatically zip, exfiltrate, and encrypt files from a designated directory upon installation or launch of VS Code. Researchers noted that the extension's code appeared to be generated with the help of artificial intelligence, featuring hardcoded variables for command-and-control (C2) operations and an embedded GitHub access token. The extension polled a private GitHub repository for commands and wrote execution results back to the same repository, with the associated GitHub account traced to Azerbaijan. Microsoft removed the extension after it was reported, but initial inaction raised concerns about the vetting process for marketplace submissions. The extension's current configuration targeted a test directory, minimizing immediate impact, but researchers warned that the target could be easily changed in future updates or via C2 commands. The extension's explicit description and lack of obfuscation suggested it may have been an experiment to test marketplace security controls. The incident highlights the growing risk of AI-assisted malware development and the need for improved monitoring and response mechanisms in software extension ecosystems, especially as attackers leverage public marketplaces to distribute malicious code with destructive capabilities.
4 months ago