As reported by HackRead, a malicious extension targeting the Windsurf IDE has been discovered, posing a significant risk to sensitive data.The attack utilizes a fake extension disguised as a legitimate tool for the R programming language, named "reditorsupporter.r-vscode-2.8.8-universal" to mimic a popular extension. This malware communicates using the Solana blockchain to retrieve encrypted JavaScript fragments, bypassing traditional firewall defenses. Upon successful infiltration, it drops files like "w.node" and "c_x64.node" to initiate data theft.The malware exhibits selective targeting, ceasing operations if it detects any association with Russia. For other victims, it proceeds to steal passwords and session cookies from browsers such as Google Chrome. A self-sustaining PowerShell script creates a hidden task, "UpdateApp," ensuring persistent access.Source: HackRead
Malware, Security Operations, DevOps
Malicious IDE extension targets developers, uses Solana blockchain for C2

(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



