A malicious extension disguised as a Solidity tool was uploaded to Open VSX. It carries the SleepyDuck malware, which uses Ethereum smart contracts for command-and-control. Despite platform warnings, the extension reached over 53,000 downloads, which shows how far it spread, and its reliance on the blockchain makes its command channel resilient.
Key points
- The SleepyDuck malware uses an Ethereum smart contract to maintain communication with its command server.
- The malicious extension was initially harmless but was quickly upgraded with malicious capabilities after release.
- The malware gathers system data and can activate on IDE startup or when certain commands are executed.
- Ethereum blockchain allows SleepyDuck to remain operational even if the primary C2 server is taken down.
- Open VSX is actively implementing security measures to combat malicious extensions and protect developers.
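An added triage sketch for reviewing extension updates, not code from the article or from Open VSX: it flags an update that introduces Ethereum lookups into code that runs at IDE startup, the pattern the key points describe. The heuristic lists, finding labels and sample manifests are assumptions constructed for illustration, and a legitimate Solidity tool can trip the same checks, so a hit means "review by hand", not "malicious".

```python
import re

# Triage heuristics chosen for this example; they are not indicators from the article.
STARTUP_EVENTS = {"*", "onStartupFinished"}        # VS Code startup activation events
CHAIN_DEPS = {"ethers", "web3", "viem"}            # common Ethereum client libraries
RPC_METHOD = re.compile(r"\beth_(call|getLogs|getStorageAt)\b")
CONTRACT_ADDR = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
CHAIN_FINDINGS = {"ethereum-client-dependency", "ethereum-rpc-call",
                  "hardcoded-contract-address"}


def triage(manifest, sources):
    """Return finding labels for one version (package.json dict, {path: text})."""
    findings = set()
    events = set(manifest.get("activationEvents", []))
    if events & STARTUP_EVENTS:
        findings.add("activates-on-startup")
    if any(e.startswith("onCommand:") for e in events):
        findings.add("activates-on-command")
    if CHAIN_DEPS & set(manifest.get("dependencies", {})):
        findings.add("ethereum-client-dependency")
    for text in sources.values():
        if RPC_METHOD.search(text):
            findings.add("ethereum-rpc-call")
        if CONTRACT_ADDR.search(text):
            findings.add("hardcoded-contract-address")
    return findings


def review_update(old, new):
    """Compare two versions, each given as a (manifest, sources) tuple."""
    before, after = triage(*old), triage(*new)
    introduced = after - before
    # Escalate when an update adds on-chain lookups to code that runs unprompted.
    escalate = bool(introduced & CHAIN_FINDINGS) and "activates-on-startup" in after
    return {"introduced": sorted(introduced), "escalate": escalate}


# Constructed sample: a harmless first release followed by a changed update.
V1 = ({"activationEvents": ["onCommand:sample.compile"], "dependencies": {}},
      {"extension.js": "vscode.commands.registerCommand('sample.compile', run);"})
V2 = ({"activationEvents": ["onStartupFinished", "onCommand:sample.compile"],
       "dependencies": {"ethers": "^6.0.0"}},
      {"extension.js": "new ethers.Contract('0x" + "ab" * 20 + "', abi, provider);"})

if __name__ == "__main__":
    print(review_update(V1, V2))
```
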