{"id":226735,"date":"2025-12-09T01:23:03","date_gmt":"2025-12-09T07:23:03","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/12\/malicious-vscode-extensions-on-microsofts-registry-drop-infostealers"},"modified":"2025-12-09T01:23:03","modified_gmt":"2025-12-09T07:23:03","slug":"malicious-vscode-extensions-on-microsofts-registry-drop-infostealers","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/12\/malicious-vscode-extensions-on-microsofts-registry-drop-infostealers","title":{"rendered":"Malicious VSCode extensions on Microsoft\u2019s registry drop infostealers"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/malicious-vscode-extensions-on-microsofts-registry-drop-infostealers.jpg\"><\/a><\/p>\n<p>Two malicious extensions on Microsoft\u2019s Visual Studio Code Marketplace infect developers\u2019 machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and hijack browser sessions.<\/p>\n<p>The marketplace hosts extensions for the popular VSCode integrated development environment (IDE) to extend functionality or add customization options.<\/p>\n<p>The two malicious extensions, called Bitcoin Black and Codo AI, masquerade as a color theme and an AI assistant, respectively, and were published under the developer name \u2018BigBlack.\u2019<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two malicious extensions on Microsoft\u2019s Visual Studio Code Marketplace infect developers\u2019 machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and hijack browser sessions. The marketplace hosts extensions for the popular VSCode integrated development environment (IDE) to extend functionality or add customization options. The two malicious extensions, called Bitcoin Black and Codo [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1318,34,6],"tags":[],"class_list":["post-226735","post","type-post","status-publish","format-standard","hentry","category-bitcoin","category-cybercrime-malcode","category-robotics-ai"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/226735","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=226735"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/226735\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=226735"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=226735"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=226735"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}