Summary: Nine malicious VSCode extensions have been discovered on Microsoft’s Visual Studio Code Marketplace, masquerading as legitimate tools while infecting users with the XMRig cryptominer. These extensions, which have reportedly over 300,000 installs, execute a PowerShell script to disable system defenses and install cryptocurrency mining software. Users are urged to remove the extensions immediately and clean their systems of any related malware components.
Affected: Microsoft Visual Studio Code Marketplace
Keypoints :
- Nine extensions published on April 4, 2025, have infected users with XMRig cryptominer.
- The extensions include popular tools like Discord Rich Presence and Solidity Compiler, collectively boasting over 300,000 installs.
- Malicious PowerShell scripts disable system defenses and install additional malware without raising user suspicion.