Malicious VS Code Extensions Uncovered, Threatening Developer Security
Cybersecurity researchers have identified two malicious Visual Studio Code extensions, Bitcoin Black and Codo AI, that are capable of stealing sensitive information from users. These extensions, available on the VS Code marketplace, combine social engineering with technical disguise to deploy a DLL-based infostealer. A report by Koi Security detailed the extensions and highlighted their ability to collect data such as clipboard contents, installed programs, running processes, desktop screenshots, stored Wi-Fi credentials, and browser session data. The attackers used DLL hijacking to disguise the malware as a legitimate process, allowing it to run undetected. Both extensions were attributed to the same threat actor, who used different lures to target developers.