
Cybersecurity researchers have uncovered a new threat targeting developers through Visual Studio Code (VS Code) extensions. Two malicious extensions, Bitcoin Black and Codo AI, were discovered on the official VS Code marketplace, capable of silently stealing sensitive data including screenshots, browser sessions, and stored credentials. These findings, detailed by the Koi Security research team, highlight a growing trend of cybercriminals leveraging trusted developer tools to deliver sophisticated malware.
Summary of the Threat
Koi Security’s report exposes an unusual campaign in which attackers disguised malware within seemingly harmless VS Code extensions. Bitcoin Black masqueraded as a cryptocurrency-themed color scheme, while Codo AI posed as a functional AI coding assistant integrating ChatGPT and DeepSeek. Despite their different lures, both extensions secretly executed scripts that downloaded a malicious DLL payload alongside a legitimate Lightshot screenshot tool.
The threat leveraged activation events and PowerShell routines uncommon for standard themes or tools. Bitcoin Black, claiming to be only a theme, engaged in suspicious operations, whereas Codo AI provided genuine coding features that helped mask its malicious intent. Researchers observed rapid evolution across versions: Version 2.5.0 used a complex PowerShell routine to download a password-protected ZIP archive, while by Version 3.3.0, the delivery chain was simplified into a hidden batch script fetching an executable and DLL over HTTP.
Once executed, the infostealer harvested a broad spectrum of sensitive data: clipboard contents, installed programs, running processes, desktop screenshots, stored WiFi credentials, and browser session information. The malware exploited DLL hijacking, pairing a legitimate Lightshot binary with the attacker’s DLL to evade detection, and communicated with command-and-control (C2) servers to exfiltrate stolen data. A unique mutex ensured only a single instance ran at a time, further enhancing the stealthiness of the operation.
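As an added illustration (not code from Koi Security, the report, or either extension), the Python audit below inspects an unpacked extension folder for the tells the report describes: a "theme" that declares a code entry point or activation events, and shipped JavaScript that shells out to PowerShell or cmd or references a plain-HTTP download. The indicator patterns, the sample-extension builder and the URL in it are constructed for this example.

```python
import json, os, re, tempfile

# Indicator patterns are this example's assumptions; a pure colour theme needs none of them.
SHELL_RE = re.compile(
    r"child_process|\bexec(?:Sync)?\(|\bspawn(?:Sync)?\(|powershell|cmd(?:\.exe)?\s*/c|\.bat\b",
    re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s'\"]+", re.IGNORECASE)

def audit_extension(ext_dir):
    """Return findings for one unpacked extension (the folder holding package.json)."""
    findings = []
    with open(os.path.join(ext_dir, "package.json"), encoding="utf-8") as f:
        manifest = json.load(f)
    is_theme = "themes" in manifest.get("contributes", {})
    events = manifest.get("activationEvents", [])
    has_code = "main" in manifest or "browser" in manifest
    if is_theme and (has_code or events):   # a colour theme needs no entry point at all
        findings.append("theme ships code: main=%s activationEvents=%s" % (has_code, events))
    if "*" in events or "onStartupFinished" in events:
        findings.append("activates on every VS Code startup")
    for root, _dirs, files in os.walk(ext_dir):          # scan the shipped JavaScript
        for name in files:
            if not name.endswith((".js", ".mjs", ".cjs")):
                continue
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="ignore") as f:
                src = f.read()
            rel = os.path.relpath(path, ext_dir)
            if SHELL_RE.search(src):
                findings.append(rel + ": shells out (child_process/PowerShell/cmd)")
            for url in URL_RE.findall(src):
                if url.lower().startswith("http://"):
                    findings.append(rel + ": plain-HTTP URL " + url)
    return findings

def build_sample_theme(ext_dir, malicious):
    # Constructed sample: a theme manifest; malicious=True adds the tells audited above.
    manifest = {"name": "sample-theme", "contributes": {"themes": [{"label": "Sample"}]}}
    if malicious:
        manifest["main"] = "./extension.js"
        manifest["activationEvents"] = ["*"]
        with open(os.path.join(ext_dir, "extension.js"), "w") as f:
            f.write('require("child_process").exec("powershell -File helper.ps1");\n'
                    'const u = "http://example.invalid/update.zip";\n')
    with open(os.path.join(ext_dir, "package.json"), "w") as f:
        json.dump(manifest, f)

def demo(malicious):
    # Build a throwaway sample extension in a temp dir and return its audit findings.
    ext_dir = tempfile.mkdtemp()
    build_sample_theme(ext_dir, malicious)
    return audit_extension(ext_dir)
```

Point `audit_extension` at a folder under `~/.vscode/extensions` to review an installed extension; a clean theme should produce no findings.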
Both extensions appear to be the work of the same threat actor, experimenting with different social engineering approaches. As Koi Security warns, developers installing seemingly harmless themes or useful AI tools may unknowingly expose their most sensitive information to remote attackers. Alarmingly, at the time of the report, Codo AI remained active on the VS Code marketplace, underscoring the ongoing risk to the developer community.
What Undercode Says: Analyzing the Developer Tool Threat Landscape
The discovery of Bitcoin Black and Codo AI represents a sophisticated evolution in cyberattacks targeting software developers. Historically, malware campaigns often relied on email phishing, malicious downloads, or compromised websites. This campaign demonstrates a shift toward exploiting trusted software ecosystems themselves, in this case, the VS Code marketplace.
By embedding malicious functionality within legitimate-looking extensions, attackers exploit the implicit trust developers place in curated tools. Bitcoin Black’s cosmetic appeal as a theme and Codo AI’s practical coding assistance illustrate how social engineering is fused with technical sophistication. Attackers effectively weaponize routine development workflows, making detection by typical endpoint protection measures more challenging.
The use of DLL hijacking alongside trusted binaries like Lightshot is particularly alarming. This tactic allows malware to execute under the guise of familiar software, bypassing security alerts while maintaining persistent access. Combined with PowerShell and batch scripts, the malware achieves a highly flexible and stealthy delivery mechanism. Observing multiple versions with refined payload strategies indicates active development and iterative improvement by the threat actor, suggesting a well-resourced operation rather than opportunistic attacks.
The breadth of data collected—clipboard contents, WiFi credentials, browser sessions, running processes—provides attackers with an extensive profile of the target’s system and behavior. Such information can facilitate further attacks, ranging from account takeover and lateral movement to corporate espionage or cryptocurrency theft. Developers often manage sensitive projects and credentials; compromise of such data has the potential for high-impact consequences beyond individual machines.
The attack also signals an urgent need for enhanced security hygiene within the developer community. While marketplaces like VS Code’s offer a degree of vetting, malicious extensions can slip through due to novel obfuscation techniques and convincing social engineering. Organizations and individual developers must adopt multi-layered defenses, including sandboxing of untrusted extensions, monitoring of network traffic, and careful review of permissions requested by extensions.
Furthermore, this campaign underscores the evolving security risks of AI-powered developer tools. The integration of AI assistants, while improving productivity, introduces additional attack surfaces. Users may assume these tools are safe due to their functionality, inadvertently lowering their guard.
From a broader perspective, these findings reflect the increasing sophistication of cybercriminals targeting software supply chains. The combination of social engineering, technical exploitation, and continuous iteration highlights a trend where attackers focus on long-term access and stealth, rather than simple one-time data theft. Developers and security teams must adjust to this new reality, treating even small or cosmetic extensions as potential vectors for serious compromise.
🔍 Fact Checker Results
✅ Bitcoin Black and Codo AI extensions were confirmed malicious by Koi Security.
✅ The malware collected screenshots, clipboard contents, WiFi credentials, and browser session data.
❌ Neither extension had any legitimate cryptocurrency or AI-based functionality free of malware.
📊 Prediction
The discovery of these extensions is likely the first of many similar attacks targeting development tools. Developers may see stricter marketplace vetting, increased awareness campaigns, and improved detection mechanisms. However, attackers are expected to refine obfuscation and leverage AI tools themselves for more convincing social engineering, potentially leading to a surge in supply chain-focused attacks over the next 12–18 months. 🔒💻🚨
References:
Reported By: www.infosecurity-magazine.com