July 15, 2025, 6:19 a.m.

Russian Blockchain Developer Loses $500,000 to Malicious Code Editor Extension Exploiting Open-Source Repositories

Brief news summary

A Russian blockchain developer lost $500,000 after installing a malicious Solidity extension from the Open VSX registry for the Cursor AI code editor. The fake extension, downloaded over 54,000 times and ranked higher than the legitimate one, contained no real features but secretly installed a PowerShell script deploying ScreenConnect remote access software, giving attackers full control of the system. It also used VBScripts to download stealers that extracted sensitive data from browsers, email clients, and crypto wallets, enabling theft of passwords and digital assets. This incident is part of a broader campaign targeting developers with malicious extensions like “solaibot,” “among-eth,” and npm packages such as “solsafe.” After removal, attackers rapidly re-upload fake versions with similar names, exploiting Open VSX’s ranking system, which favors new packages, to deceive users. Experts urge blockchain developers to exercise extreme caution when installing open-source packages, as criminals increasingly exploit these platforms to steal cryptocurrency assets.

A Russian blockchain developer lost $500,000 in cryptocurrency after installing a malicious extension for his code editor, highlighting how criminals exploit open-source repositories to deceive developers. The developer had installed a seemingly legitimate Solidity extension from the Open VSX registry for his Cursor AI editor. With 54,000 downloads and a higher search ranking than the authentic version, it appeared trustworthy.

However, the malicious extension offered no syntax highlighting functionality. Instead, it secretly downloaded a PowerShell script from angelic[.]su, which installed ScreenConnect remote access software. This backdoor gave attackers full control over the developer’s system. The attack started when the developer was searching for a Solidity syntax highlighter. The malware also installed several VBScript files that downloaded stealers from paste.ee. These tools gathered data from browsers, email clients, and crypto wallets, enabling attackers to steal passwords and cryptocurrency.

A broader campaign targeting developers

This incident is part of a wider campaign. Researchers have identified similar malicious extensions like “solaibot,” “among-eth,” and “blankebesxstnion.” Additionally, a malicious npm package named “solsafe” was found using the same tactic.

The criminals constantly evolve their methods. After the initial fake extension was removed, they quickly released a new one with the same name as the legitimate package. By mimicking the username (juanbIanco versus juanblanco) and boosting downloads to two million, they aimed to trick developers again. The Open VSX ranking algorithm aids these criminals by boosting new packages in search results, allowing malicious software to outrank legitimate options. Attackers systematically exploit this vulnerability.

These attacks specifically target blockchain developers, likely due to their access to valuable cryptocurrency. Experts urge developers to exercise extra caution when installing packages from open-source repositories.
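The publisher-name mimicry described above (juanbIanco versus juanblanco) can be checked mechanically before an extension is trusted. The following is an added example, not code from the article or from any registry: it assumes a locally maintained list of trusted extension IDs, and the extension name `solidity`, the small confusables map and the sample lists are constructed for illustration.

```python
import unicodedata

# Assumption: a minimal hand-picked confusables map, not the full Unicode
# confusables table. Characters that render alike map to one canonical form.
CONFUSABLES = str.maketrans({
    "I": "l", "1": "l", "|": "l",   # capital I, digit one, pipe vs lowercase l
    "0": "o", "O": "o",
    "5": "s", "$": "s",
})


def skeleton(name: str) -> str:
    """Reduce a publisher name to a visual skeleton so lookalikes compare equal."""
    # Translate BEFORE lowercasing: "I".lower() is "i", which would hide the trick.
    folded = unicodedata.normalize("NFKC", name).translate(CONFUSABLES).lower()
    return folded.replace("rn", "m").replace("vv", "w")


def find_impersonators(installed, trusted):
    """Return (installed_id, imitated_trusted_id) pairs.

    An installed extension is flagged when its publisher has the same visual
    skeleton as a trusted publisher but is not the same name (compared
    case-insensitively, so a pure capitalisation difference is not flagged).
    """
    by_skeleton = {}
    for ext_id in trusted:
        publisher = ext_id.partition(".")[0]
        by_skeleton[skeleton(publisher)] = ext_id

    hits = []
    for ext_id in installed:
        publisher = ext_id.partition(".")[0]
        match = by_skeleton.get(skeleton(publisher))
        if match and match.partition(".")[0].lower() != publisher.lower():
            hits.append((ext_id, match))
    return hits


# Constructed sample data: publisher names are from the article, the rest is assumed.
TRUSTED = ["juanblanco.solidity"]
INSTALLED = [
    "juanbIanco.solidity",          # capital I in place of lowercase l
    "juanblanco.solidity",          # the trusted publisher itself
    "JuanBlanco.solidity",          # capitalisation variant only
    "example-publisher.yaml-tools", # unrelated, constructed ID
]

if __name__ == "__main__":
    for fake, real in find_impersonators(INSTALLED, TRUSTED):
        print(f"{fake} imitates trusted extension {real}")
```

A download count is not a substitute for this check, since the article reports that the attackers inflated theirs to two million.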

