Recent reports have uncovered a number of malicious extensions in the Visual Studio Code (VSCode) marketplace that target software developers and cryptocurrency enthusiasts with sophisticated attacks aimed at compromising their systems and stealing sensitive data. VSCode is a popular code editor used by millions of developers worldwide.
Security researcher Amit Assaraf recently revealed how attackers are exploiting the VSCode marketplace. Assaraf discovered extensions that appeared to provide valuable functionality but were actually Trojan horses for malware. An extension posing as an official Zoom integration appeared legitimate and boasted numerous installs and positive reviews. However, upon installation, the extension downloaded a malicious script from a Russian server and executed unauthorized commands on victims’ computers.
The attackers had carefully designed their extensions to look authentic. They used fake reviews, links to reputable repositories, and inflated download numbers to make the tools appear credible – practices that can lull even experienced developers into a false sense of security.
Crypto in VSCode’s crosshairs
Further investigation revealed that this malicious activity is part of a broader campaign targeting developers working in blockchain and cryptocurrency environments. A report from BleepingComputer states that some of these extensions claimed to support Ethereum development or blockchain toolkits. The report also provided the following list of the extensions submitted to the VSCode marketplace:
- EVM.Blockchain toolkit
- VoiceMod.VoiceMod
- ZoomVideoCommunications.Zoom
…