A malicious extension disguised as a legitimate Solidity language tool infected devices, stealing cryptocurrency and installing remote access tools. This incident highlights the risks of open-source package repositories being exploited by threat actors. #QuasarRAT #OpenVSX
Key points
- Cybercriminals used a fake extension to infect developers' devices and steal cryptocurrency.
- The malicious extension impersonated a legitimate syntax highlighting tool for Ethereum smart contracts.
- Remote PowerShell scripts installed ScreenConnect, granting full remote access to hackers.
- Malicious payloads included Quasar RAT and credential-stealing malware like PureLogs.
- Inflated download counts and gaming algorithms were used to promote malicious extensions on open repositories.