19 Jul, 2025

Malicious VSCode extension in Cursor IDE led to $500K crypto theft

A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto developer. Cursor AI IDE is an AI-powered development environment based on Microsoft’s Visual Studio Code. It includes support for Open VSX, an alternative […]

3 mins read

Dozens of fake wallet add-ons flood Firefox store to drain crypto

More than 40 fake extensions in Firefox’s official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data. Some of the extensions pretend to be wallets from Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, and MyMonero, and include malicious code that sends stolen information to attacker-controlled servers. Researchers […]

3 mins read

Mozilla launches new system to detect Firefox crypto drainer add-ons

Mozilla has developed a new security feature for its add-on portal that helps block malicious Firefox extensions that drain cryptocurrency wallets. According to a recent blog post, Mozilla’s new security system creates risk profiles for each submitted wallet extension and triggers automated risk alerts if a pre-defined threshold is exceeded. These alerts will prompt human […]

2 mins read

Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. The extensions offer some of the promised functionality, but also connect to the threat actor’s infrastructure to steal user information or receive […]

3 mins read

Malicious VSCode extensions infect Windows with cryptominers

Nine VSCode extensions on Microsoft’s Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero. Microsoft VSCode is a popular code editor that allows users to install extensions to extend the program’s functionality. These extensions can be downloaded from Microsoft’s VSCode Marketplace, an online […]

3 mins read

VSCode extensions found downloading early-stage ransomware

Two malicious VSCode Marketplace extensions were found deploying in-development ransomware, exposing critical gaps in Microsoft’s review process. The extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded seven and eight times, respectively, before they were eventually removed from the store. It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) […]

3 mins read

Microsoft apologizes for removing VSCode extensions used by millions

Microsoft has reinstated the ‘Material Theme – Free’ and ‘Material Theme Icons – Free’ extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn’t actually malicious. The two VSCode extensions, which count over 9 million installs, were pulled from the VSCode Marketplace in late February over security risks, and their […]

3 mins read

VSCode extensions with 9 million installs pulled over security risks

Microsoft has removed two popular VSCode extensions, ‘Material Theme – Free’ and ‘Material Theme Icons – Free,’ from the Visual Studio Marketplace for allegedly containing malicious code. The two extensions are very popular, having been downloaded nearly 9 million times in total, with users now receiving alerts in VSCode that the extensions have automatically been […]

5 mins read

Firefox continues Manifest V2 support as Chrome disables MV2 ad-blockers

Mozilla has renewed its promise to continue supporting Manifest V2 extensions alongside Manifest V3, giving users the freedom to use the extensions they want in their browser. Manifest V3 is a Google-developed browser extension specification aimed at making add-on functionality in web browsers safer by restricting overly permissive network requests and remote content loading. Despite […]

2 mins read

Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs

An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser’s executables to hijack homepages and steal browsing history. The installer and extensions, which are usually undetected by antivirus tools, are designed to steal data and execute commands on infected devices. The campaign was discovered by […]

6 mins read