{"id":224456,"date":"2025-11-04T01:15:28","date_gmt":"2025-11-04T07:15:28","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/11\/fake-solidity-vscode-extension-on-open-vsx-backdoors-developers"},"modified":"2025-11-04T01:15:28","modified_gmt":"2025-11-04T07:15:28","slug":"fake-solidity-vscode-extension-on-open-vsx-backdoors-developers","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/11\/fake-solidity-vscode-extension-on-open-vsx-backdoors-developers","title":{"rendered":"Fake Solidity VSCode extension on Open VSX backdoors developers"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/fake-solidity-vscode-extension-on-open-vsx-backdoors-developers2.jpg\"><\/a><\/p>\n<p>A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker.<\/p>\n<p>Open VSX is a community-driven registry for extensions compatible with VS Code, which are popular with AI-powered integrated development environments (IDEs) like Cursor and Windsurf.<\/p>\n<p>The extension is still present on Open VSX as \u2018juan-bianco.solidity-vlang\u2019, albeit with a warning from the platform, and has been downloaded more than 53,000 times.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker. Open VSX is a community-driven registry for extensions compatible with VS Code, which are popular with AI-powered integrated development environments (IDEs) like Cursor [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1761],"tags":[],"class_list":["post-224456","post","type-post","status-publish","format-standard","hentry","category-cryptocurrencies"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/224456","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=224456"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/224456\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=224456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=224456"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=224456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}