Two malicious extensions on Microsoft’s Visual Studio Code Marketplace infect developers’ machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and hijack browser sessions.

The marketplace hosts extensions for the popular VSCode integrated development environment (IDE) to extend functionality or add customization options.

The two malicious extensions, called Bitcoin Black and Codo AI, masquerade as a color theme and an AI assistant, respectively, and were published under the developer name ‘BigBlack.’