Malicious software has been discovered in popular developer tools, raising concerns about data privacy and security. Researchers have uncovered two malicious VS Code extensions, 'BigBlack.bitcoin-black' and 'BigBlack.codo-ai', which were designed to steal sensitive information from developers' machines. These extensions, disguised as premium dark themes and AI-powered coding assistants, secretly download additional payloads, take screenshots, and siphon data to an attacker-controlled server. The malware can access your code, emails, Slack messages, and even your WiFi passwords and clipboard contents. But here's where it gets controversial: while the initial versions of the extensions used PowerShell scripts to download and extract payloads, subsequent iterations have been found to hide the PowerShell window and streamline the process by switching to a batch script that uses a curl command to download the executable and DLL. This makes detection even more challenging. And this is the part most people miss: the malware also launches Google Chrome and Microsoft Edge in headless mode to grab stored cookies and hijack user sessions. The disclosure comes as Socket identified malicious packages across the Go, npm, and Rust ecosystems that are capable of harvesting sensitive data. These packages impersonate trusted UUID libraries and execute reverse shells to exfiltrate files to a Pipedream endpoint. The controversy lies in the fact that these malicious packages have been available since 2021, and the separation of concerns makes detection harder. So, what do you think? Do you think developers are aware of the risks and are taking adequate precautions? Or do you think more needs to be done to protect developers from these types of threats? Share your thoughts in the comments below!
