Cybersecurity researchers have uncovered two malicious extensions on the Microsoft Visual Studio Code (VS Code) Marketplace that were designed to infect developer systems with stealer malware. Disguised as a premium theme and an AI-powered coding assistant, the extensions secretly downloaded additional payloads, captured screenshots, extracted sensitive data, and transmitted it to an attacker-controlled server. As Koi Security’s Idan Dardikman warned, “Your code. Your emails. Your Slack DMs. Whatever’s on your screen, they’re seeing it too… And that’s just the start. It also steals your WiFi passwords, reads your clipboard, and hijacks your browser sessions.”
Microsoft has since removed the identified extensions — BigBlack.bitcoin-black (16 installs) and BigBlack.codo-ai (25 installs) — along with a third package, BigBlack.mrbigblacktheme, from the same publisher after confirming their malicious behavior. While “BigBlack.bitcoin-black” executed its payload on every VS Code action, Codo AI embedded its malware within functional features, enabling it to appear useful and avoid detection.
Earlier builds of the extensions attempted to fetch a password-protected ZIP file from an external server (“syn1112223334445556667778889990[.]org”) using PowerShell and extract its contents via four different methods, including Expand-Archive and .NET System.IO.Compression. Researchers noted that one version mistakenly opened a visible PowerShell window — a potential giveaway — but later versions concealed the window and shifted to a batch script using curl to retrieve the malware.
The final payload involved a legitimate Lightshot executable paired with a malicious Lightshot.dll for DLL hijacking. Once activated, the DLL harvested clipboard data, system details, Wi-Fi credentials, installed application lists, running processes, and desktop screenshots. It also launched Google Chrome and Microsoft Edge in headless mode to extract cookies and hijack active user sessions. “A developer could install what looks like a harmless theme or a useful AI tool, and within seconds their WiFi passwords, clipboard contents, and browser sessions are being exfiltrated to a remote server,” Dardikman said.
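For defenders who want to check a workstation against the indicators reported above, here is an added Python example (not code from Koi Security or from this article) that scans a VS Code extensions folder for the named extension IDs, the reported download domain (matched by its defanged fragment) and the behaviours described: hidden PowerShell, archive extraction, curl downloads, Lightshot.dll and headless browsers. It also applies a heuristic added here, that a colour theme declaring a `main` script is suspicious because themes are purely declarative; the `Example.*` extensions and their file contents are constructed samples.

```python
import json
import re
from pathlib import Path
# Indicators from the report above; the download domain is kept as its defanged fragment.
REPORTED_EXTENSIONS = {"BigBlack.bitcoin-black", "BigBlack.codo-ai", "BigBlack.mrbigblacktheme"}
REPORTED_DOMAIN_FRAGMENT = "syn1112223334445556667778889990"
# Behaviours the report attributes to the extensions; none belongs in a theme or chat assistant.
BEHAVIOUR_PATTERNS = {
    "spawns PowerShell": re.compile(r"\bpowershell(\.exe)?\b", re.I),
    "hides console window": re.compile(r"-WindowStyle\s+Hidden|CreateNoWindow", re.I),
    "extracts an archive": re.compile(r"Expand-Archive|System\.IO\.Compression", re.I),
    "downloads with curl": re.compile(r"\bcurl(\.exe)?\s", re.I),
    "references Lightshot.dll": re.compile(r"Lightshot\.dll", re.I),
    "runs a headless browser": re.compile(r"--headless", re.I),
}

def scan_extension(ext_id: str, files: dict) -> list:
    """Findings for one extension: ext_id is 'publisher.name'; files maps relative path -> text."""
    findings = []
    if ext_id in REPORTED_EXTENSIONS or ext_id.startswith("BigBlack."):
        findings.append("extension ID or publisher named in the report")
    manifest = json.loads(files.get("package.json", "{}"))
    # Heuristic (added here): a colour theme is declarative and should ship no entry point.
    if "themes" in manifest.get("contributes", {}) and (
            "main" in manifest or manifest.get("activationEvents")):
        findings.append("theme declares an executable entry point (themes need no code)")
    for path, text in files.items():
        if REPORTED_DOMAIN_FRAGMENT in text:
            findings.append(f"{path}: references the reported download domain")
        findings += [f"{path}: {label}" for label, pat in BEHAVIOUR_PATTERNS.items() if pat.search(text)]
    return findings

def scan_extensions_dir(root: Path) -> dict:
    """Scan a real extensions folder (subfolders named publisher.name-version); returns {ext_id: findings}."""
    report = {}
    for ext_dir in (d for d in root.iterdir() if d.is_dir()):
        ext_id = ext_dir.name.rsplit("-", 1)[0]
        files = {str(p.relative_to(ext_dir)): p.read_text(errors="ignore")
                 for p in ext_dir.rglob("*") if p.suffix in {".js", ".json", ".ps1", ".bat", ".cmd"}}
        if findings := scan_extension(ext_id, files):
            report[ext_id] = findings
    return report

# Constructed samples (not real extension code): a "theme" that launches hidden PowerShell to
# fetch and unpack a ZIP, beside a genuine theme that ships no JavaScript at all.
SAMPLE_SUSPICIOUS = {
    "package.json": json.dumps({"name": "fake-theme", "publisher": "Example",
                                "main": "./extension.js", "contributes": {"themes": [{}]}}),
    "extension.js": 'require("child_process").exec("powershell -WindowStyle Hidden -c '
                    'Expand-Archive p.zip"); // https://syn1112223334445556667778889990[.]org/p.zip',
}
SAMPLE_BENIGN = {"package.json": json.dumps({"name": "real-theme", "publisher": "Example",
                                              "contributes": {"themes": [{}]}})}
```

On a real machine, `scan_extensions_dir(Path.home() / ".vscode" / "extensions")` returns only the extensions that produced findings; string matching is a triage aid, so review any hit by reading the flagged file rather than treating a match as proof.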
The disclosure coincides with broader warnings from supply-chain security firm Socket, which identified malicious packages across multiple ecosystems — including Go, npm, and Rust. These ranged from typosquatted Go libraries exfiltrating data via dpaste, to 420 npm packages capable of creating reverse shells, to a Rust crate (“finch-rust”) acting as a loader for a credential-stealing payload. As Socket’s Kush Pandya noted, “Finch-rust acts as a malware loader… This separation of concerns makes detection harder.”
The findings underscore a rising threat: attackers increasingly target developer tools and ecosystems to compromise software at its source.