
Cybersecurity researchers have discovered two new extensions in the Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developers’ machines with stealer malware.
The VS Code extension pretends to be a coding assistant powered by a premium dark theme and artificial intelligence (AI), but it actually hides secret features that allow it to download additional payloads, take screenshots, and siphon data. The captured information is sent to an attacker-controlled server.
“Your code, your email, your Slack DMs. Whatever you’re seeing on your screen, they’re seeing it too,” said Idan Dardikman of Koi Security. “And that’s just the beginning. They also steal WiFi passwords, read clipboards, and hijack browser sessions.”

The names of the extensions are as follows:
BigBlack.bitcoin-black (16 installations) – removed by Microsoft on December 5, 2025
BigBlack.codo-ai (25 installations) – removed by Microsoft on December 8, 2025
A list of extensions that Microsoft has removed from its marketplace shows that the company also removed a third package from the same publisher named “BigBlack.mrbigblacktheme” for containing malware.
“BigBlack.bitcoin-black” activates on every VS Code event, whereas Codo AI embeds its malicious functionality within the tools it runs, allowing it to evade detection.
Earlier versions of the extension included the ability to run a PowerShell script that downloads a password-protected ZIP archive from an external server (“syn1112223334445556667778889990[.]org”) and extracts the main payload using one of four methods: the Windows-native Expand-Archive cmdlet, .NET System.IO.Compression, DotNetZip, and 7-Zip (if installed).

However, the attackers are said to have inadvertently shipped a version that spawned a visible PowerShell window, which could alert users. Subsequent iterations were found to have switched to a batch script that uses the curl command to download the executables and DLLs, which keeps the window hidden and streamlines the entire process.
This executable is a legitimate Lightshot binary that is used to load a malicious DLL (“Lightshot.dll”) via DLL hijacking. The DLL collects clipboard contents, a list of installed applications, running processes, desktop screenshots, saved Wi-Fi credentials, and detailed system information. It also launches Google Chrome and Microsoft Edge in headless mode to retrieve stored cookies and hijack user sessions.
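As an added defender-side example (not code from the report, Koi Security, or the extensions discussed), the following Python triage heuristics flag the traits described above in an installed VS Code extension: a theme that nevertheless ships a JavaScript entry point, unconditional activation, and process-spawning or download primitives in its code. The manifest and source snippet are constructed for illustration, and the keyword list is an assumption, not a published indicator set.

```python
import json
import re

# Contribution points a pure theme extension uses; none of them requires any code.
THEME_KEYS = {"themes", "iconThemes", "productIconThemes"}
# Primitives a theme or "AI assistant" has no business calling (constructed heuristic list).
SUSPICIOUS_CALLS = re.compile(
    r"child_process|spawn\(|exec\(|powershell|Expand-Archive|curl\s|\.bat\b|\.dll\b",
    re.IGNORECASE,
)


def assess_extension(manifest: dict, source: str) -> list:
    """Return human-readable findings for one extension; an empty list means nothing odd."""
    findings = []
    contributes = manifest.get("contributes", {})
    is_theme = bool(THEME_KEYS & set(contributes))
    has_code = "main" in manifest or "browser" in manifest
    events = manifest.get("activationEvents", [])
    # A theme only ships JSON colour definitions, so an executable entry point is unexpected.
    if is_theme and has_code:
        entry = manifest.get("main", manifest.get("browser"))
        findings.append("theme ships an executable entry point: %s" % entry)
    # "*" (or onStartupFinished) runs the extension in every session before any user action.
    if "*" in events or "onStartupFinished" in events:
        findings.append("activates unconditionally: %s" % events)
    hits = sorted({m.strip().lower() for m in SUSPICIOUS_CALLS.findall(source)})
    if hits:
        findings.append("process/download primitives in code: %s" % hits)
    return findings


# Constructed sample: a "dark theme" manifest that also declares a main module.
SAMPLE_MANIFEST = json.loads("""{
  "name": "example-dark-theme", "publisher": "example-publisher",
  "main": "./out/extension.js",
  "activationEvents": ["*"],
  "contributes": {"themes": [{"label": "Example Dark", "path": "./themes/dark.json"}]}
}""")
# Constructed sample of the extension's JavaScript, not real extension code.
SAMPLE_SOURCE = """
const cp = require('child_process');
function activate() { cp.spawn('cmd.exe', ['/c', 'helper.bat']); }
"""

if __name__ == "__main__":
    for finding in assess_extension(SAMPLE_MANIFEST, SAMPLE_SOURCE):
        print("[!]", finding)
```

Run it against each `package.json` and bundled script under a `.vscode/extensions` directory; a theme that trips all three checks is worth pulling before the next editor start.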
“When a developer installs what appears to be a benign theme or useful AI tool, WiFi passwords, clipboard contents, and browser sessions can be exposed to a remote server within seconds,” Dardikman said.

This disclosure comes after Socket said it had identified malicious packages capable of collecting sensitive data across the Go, npm, and Rust ecosystems:
Go packages named “github[.]com/bpoorman/uuid” and “github[.]com/bpoorman/uid” that typosquat the trusted UUID libraries (“github[.]com/google/uuid” and “github[.]com/pborman/uuid”) and exfiltrate data to a paste site called dpaste when the application explicitly calls an expected helper function named “valid” with the data to be validated.
A set of 420 unique npm packages, likely published by a French-speaking attacker, that follow a consistent naming pattern including “elf-stats-*”. A subset of them contain code that runs a reverse shell and exfiltrates files to Pipedream.
A Rust crate named finch-rust, published by “faceless”, that impersonates the legitimate bioinformatics tool “finch” and acts as a loader for a credential-stealing payload known as “sha-rust” when developers use the library’s sketch serialization functionality.
“Finch-rust acts as a malware loader. It contains most of the legitimate code copied from the legitimate finch package, but one malicious line that loads and executes the sha-rust payload,” said Socket researcher Kush Pandya. “This separation of concerns makes it difficult to detect. While finch-rust appears harmless on its own, sha-rust contains actual malware.”
