Malware, Security Operations, DevOps

Malicious IDE extension targets developers, uses Solana blockchain for C2

Business man using computer hand close up futuristic cyber space decentralized finance AI chatbot coding background business data analytics programming network metaverse digital world technology

As reported by HackRead, a malicious extension targeting the Windsurf IDE has been discovered, posing a significant risk to sensitive data.

The attack utilizes a fake extension disguised as a legitimate tool for the R programming language, named "reditorsupporter.r-vscode-2.8.8-universal" to mimic a popular extension. This malware communicates using the Solana blockchain to retrieve encrypted JavaScript fragments, bypassing traditional firewall defenses. Upon successful infiltration, it drops files like "w.node" and "c_x64.node" to initiate data theft.

The malware exhibits selective targeting, ceasing operations if it detects any association with Russia. For other victims, it proceeds to steal passwords and session cookies from browsers such as Google Chrome. A self-sustaining PowerShell script creates a hidden task, "UpdateApp," ensuring persistent access.

Source: HackRead

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds