Malicious Visual Studio Code extensions target developers with hidden malware

Researchers have identified over a dozen malicious Visual Studio Code extensions targeting software developers, particularly in web3 and cryptocurrency. These extensions deploy hidden second-stage malware from suspicious domains, complicating detection. The campaign, first reported in early October 2024, includes heavily obfuscated files that download additional malware. The malicious packages are designed for popular tools like Zoom and Solidity, with similar threats found on NPM. The number of affected systems is likely in the thousands, making the attack hard to detect. Developers are advised to verify software packages carefully before downloading.