SleepyDuck

A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker. Open VSX is a community-driven registry for extensions compatible with VS Code, which are popular with AI-powered integrated development environments (IDEs) like Cursor and Windsurf. […]