Threat actor WhiteCobra is attacking VS Code, Cursor, and Windsurf users by distributing malicious extensions through popular extension repositories. Their campaign involves sophisticated impersonation tactics and the use of malware like LummaStealer to drain cryptocurrency wallets.
Key points
- WhiteCobra targets VS Code, Cursor, and Windsurf users with malicious extensions.
- The campaign includes impersonation and sophisticated fake extensions with high download counts.
- Malicious payloads execute platform-specific malware to steal data and drain wallets.
- The threat group is organized and capable of launching new campaigns in hours.
- Security advice emphasizes verifying projects, avoiding impersonation, and downloading extensions cautiously.