Cybernews reports that nearly half a dozen malicious VSCode extensions, which have amassed hundreds of downloads, have been enabling clandestine cryptomining operations against vibe coders.

Most notable of the identified extensions, all of which are published by DevelopmentInc, was a Pokémon-themed tool that purports to add syntax highlighting and theming, as well as dancing Pikachu sprites, according to Secure Annex researcher John Tuckner. However, activating the extension triggers the automated retrieval and execution of Monero cryptomining malware, which has been concealed via spoofed requests that appear to come from Google Chrome.

Aside from allowing escalated privileges, the cryptomining payload also deactivates Windows Defender and attains persistence. Similar cryptomining malware deployment has been observed in other DevelopmentInc extensions claiming to offer Minecraft theming and artificial intelligence coding capabilities.

Despite the removal of all illicit extensions from the VSCode marketplace, developers have been urged to be wary of their potential reemergence.
DevOps, Threat Intelligence
Cryptomining targeted by fake VSCode extensions

(Credit: Postmodern Studio – stock.adobe.com)



