Fake Solidity VSCode extension on Open VSX backdoors developers

A fake Solidity extension for Visual Studio Code was discovered on the Open VSX marketplace. It backdoors developers by stealing sensitive data. The malicious extension impersonated a legitimate Solidity tool used for Ethereum smart contract development. Once installed, it executed hidden scripts to exfiltrate data such as environment variables, system information, and potentially private keys or credentials.

This incident highlights the risks of third-party marketplaces and the importance of verifying extension authenticity before installation. Developers relying on open-source tools must remain vigilant against supply chain attacks and malicious code injections. The Open VSX platform, an alternative to Microsoft's Visual Studio Code Marketplace, was exploited to distribute this malware, emphasizing the need for enhanced security measures and vetting processes on all extension repositories. Users are advised to uninstall suspicious extensions immediately and audit their systems for any signs of compromise. This case serves as a critical reminder to the developer community about the dangers of counterfeit software components and the necessity of cybersecurity best practices in software development environments.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 03 Nov 2025 20:50:48 +0000


Cyber News related to Fake Solidity VSCode extension on Open VSX backdoors developers

VSCode extensions found downloading early-stage ransomware - It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) and February 17, 2025 (ahban.shiba), bypassing safety review processes and remaining on Microsoft's store for an extensive ...
7 months ago Bleepingcomputer.com
Cyble Discovers Cyberattack Using VSCode For Remote Access - Cyble Research and Intelligence Lab (CRIL) researchers have uncovered a sophisticated campaign that starts with a suspicious .LNK file and uses Visual Studio Code (VSCode) to establish persistence and remote access – and installs the VSCode command ...
1 year ago Thecyberexpress.com
CVE-2025-52882 - Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, Pycharm, and Android Studio) are vulnerable to unauthorized websocket connections from an ...
4 months ago
Building For a More Secure Future: How Developers Can Prioritize Cybersecurity - At the time, he was breaking new ground, repeating those words to help convince his teams on how crucial developers were going to be to the success of their platform. While the focus may have been initially on enterprise B2B platforms with Microsoft, ...
1 year ago Cyberdefensemagazine.com
Open VSX rotates tokens used in supply chain malware attack - Open VSX, an open-source alternative to Microsoft's Visual Studio Code Marketplace, has taken swift action to rotate authentication tokens following a supply chain malware attack. This proactive measure aims to prevent further unauthorized access and ...
1 week ago Bleepingcomputer.com
VSCode extensions with 9 million installs pulled over security risks - Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code. One of the researchers, Amit Assaraf, says ...
8 months ago Bleepingcomputer.com
Mastering Cybersecurity: Developer Training - Discover how to create an effective and engaging training program for your developers. Create a security training program with clearly defined goals to influence your developers to prioritize learning. Developers are likelier to participate and exert ...
1 year ago Feeds.dzone.com Equation
Malicious VSCode extensions infect Windows with cryptominers - Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero. If you have installed any of the nine extensions mentioned in the ...
7 months ago Bleepingcomputer.com
CVE-2023-46248 - Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the ...
2 years ago
Open VSX Registry Addresses Leaked: What You Need to Know - The Open VSX Registry, a popular open-source alternative to Microsoft's Visual Studio Code Marketplace, recently experienced a significant data leak exposing registry addresses. This incident raises concerns about the security and privacy of ...
1 week ago Cybersecuritynews.com
Microsoft apologizes for removing VSCode extensions used by millions - Microsoft has reinstated the 'Material Theme – Free' and 'Material Theme Icons – Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious. According to Astorino, the ...
7 months ago Bleepingcomputer.com
Microsoft open-sources VS Code Copilot Chat extension on GitHub - GitHub Copilot Chat is an AI assistant extension for VS Code, allowing developers to chat with a GPT4-based model inside the editor to get help with coding tasks. With the Copilot Chat extension now publicly available on GitHub, developers are ...
4 months ago Bleepingcomputer.com
Fake browser updates spread updated WarmCookie malware - The latest campaign was discovered by researchers at Gen Threat Labs, who observed the WarmCookie backdoor being distributed as fake Google Chrome, Mozilla Firefox, Microsoft Edge, and Java updates. FakeUpdate is a cyberattack strategy used by a ...
1 year ago Bleepingcomputer.com
WhiteCobra floods VSCode Market with crypto-stealing extensions - Security researchers have uncovered a new wave of malicious extensions flooding the Visual Studio Code (VSCode) Marketplace, attributed to the WhiteCobra threat group. These extensions are designed to steal cryptocurrency from users by injecting ...
1 month ago Bleepingcomputer.com WhiteCobra
With the Right Support, Developers Can Lead Your Organization to Superior PCI-DSS 4.0 Compliance - The Payment Card Industry Data Security Standard version 4.0 will change almost everything about security for any business or organization that accepts electronic payments, which is a vast majority of them. Make no mistake, this update will be ...
1 year ago Feeds.dzone.com
Shift-left Convergence with Generative AI Improves the Programmer's Role - The ongoing 'shift left' movement in software development - where testing and quality control measures are moved earlier in the application lifecycle - is pushing developers into less familiar areas such as security. While intended to deliver more ...
1 year ago Feedpress.me
Stytch offers toolkit for developers to build, implement, and customize passkey-based authentication - Stytch announced its Passkeys offering, giving developers the easiest way to build, customize and maintain passkey-based authentication in their applications. Stytch's new solution offers a flexible, API-first approach to passkeys that abstracts the ...
1 year ago Helpnetsecurity.com
5 Tips for Strengthening the Developer-Security Team Relationship - COMMENTARY. In the ever-evolving realm of software development, the interaction between developers and security teams is critically important, with security analysts typically depending on developers to address vulnerabilities in previously written ...
1 year ago Darkreading.com
Part 2: Smart Shift Left - In my previous blog post, we discussed the state of the union for shift left and how many organizations are not implementing correctly. Recognizing the consequences of a poor shift left model. Many of the high friction points with a poor shift ...
1 year ago Feedpress.me
The zero-day that could've compromised every Cursor and Windsurf user - In a recent post Yomtom explains that while examining the build process behind OpenVSX, the open-source marketplace powering extensions for tools like Cursor, Windsurf, VSCodium, and others, he discovered a critical flaw. Dubbed VSXPloit: A single ...
4 months ago Bleepingcomputer.com
Malicious crypto-stealing VSCode extensions resurface on OpenVSX - Malicious Visual Studio Code (VSCode) extensions designed to steal cryptocurrency have reappeared on the OpenVSX marketplace, raising significant security concerns among developers and users. These extensions, disguised as legitimate tools, are ...
4 weeks ago Bleepingcomputer.com
How Kasada Counters Toll Fraud and Fake Account Creation for Enterprises - Toll fraud and fake account creation are two advanced threats that bad actors employ for massive profit. Fake Account Creation is committed by a wide range of attackers, through automating the generation of new user accounts en masse, which then get ...
1 year ago Securityboulevard.com
Malicious VSX Extension 'SleepyDuck' Uses Steganography to Evade Detection - A newly discovered malicious VSX extension named 'SleepyDuck' has been found using advanced steganography techniques to evade detection and deliver payloads stealthily. This sophisticated attack targets developers by embedding malicious code within ...
1 week ago Thehackernews.com
Fake app impersonating LastPass spotted in Apple's App Store The Register - LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install. A screenshot of the fake LastPass app in the Apple App ...
1 year ago Go.theregister.com
