Topic: malicious extension

Sort by: Relevance | Date
  • Malicious Solidity VSCode Extension Backdoors Developers
    November 5, 2025
    80%

    Malicious Solidity VSCode Extension Backdoors Developers

    SleepyDuck malware disguised as a Solidity extension in the Open VSX registry has been downloaded over 53,000 times, targeting developers using AI-driven IDEs like Cursor and Windsurf. It uses an Ethereum smart contract for command-and-control, ensuring persistence by retrieving instructions from...

    Read More »

Related Topics

security enhancements (1) system data collection (1) malware persistence (1) ethereum smart contracts (1) remote access trojan (1) vs code extensions (1) open vsx registry (1) command-and-control server (1)