Malicious VS Code extensions: what developers need to know now
Blog | by Leanne Bevan | 12 December 2025

How attackers hid malware in plain sight
Bitcoin Black, marketed as a “premium dark theme”, declared the "*" activation event, so its code ran every time VS Code launched. Even more suspicious, it could run PowerShell scripts, something no theme should ever need: a colour theme is a set of JSON files and has no reason to ship executable code at all.
This is a textbook example of how a malicious VS Code extension abuses activation events to run code without any user interaction.
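An added example (not code from the page or from either extension it names) of the manifest check this implies: a small auditor that reads a VS Code extension's package.json and flags the "*" activation event, a theme-only extension that declares a script entry point or any activation events, and theme paths that are not JSON. The two manifests embedded below are constructed for illustration; the folder layout assumed for the directory scan is the standard ~/.vscode/extensions/<extension>/package.json.

```python
"""Audit VS Code extension manifests for the red flags described above.

Added example, not code from the page or from any extension it names. It
assumes the standard layout, where each installed extension lives in its own
folder under ~/.vscode/extensions with a package.json manifest. The sample
manifests below are constructed to show a clean theme and a theme-shaped
extension that also ships an activating entry point.
"""
import json
from pathlib import Path

# Contribution points a pure colour/icon theme legitimately declares.
THEME_ONLY_CONTRIBUTIONS = {"themes", "iconThemes", "productIconThemes"}


def audit_manifest(manifest: dict) -> list:
    """Return a list of human-readable findings for one package.json."""
    findings = []
    contributes = manifest.get("contributes", {}) or {}
    activation = manifest.get("activationEvents", []) or []
    looks_like_theme = bool(contributes) and set(contributes) <= THEME_ONLY_CONTRIBUTIONS

    if "*" in activation:
        findings.append("activates on '*' (runs code every time VS Code starts)")
    if looks_like_theme and ("main" in manifest or "browser" in manifest):
        findings.append("theme-only extension declares an entry point ('main'/'browser'); a theme needs no code")
    if looks_like_theme and activation:
        findings.append(f"theme-only extension declares activation events {activation}; a theme needs none")
    # Themes referenced by the manifest should be JSON files, not scripts.
    for theme in contributes.get("themes", []):
        path = str(theme.get("path", ""))
        if not path.lower().endswith(".json"):
            findings.append(f"theme path {path!r} is not a JSON file")
    return findings


def audit_extensions_dir(root: Path) -> dict:
    """Walk an extensions folder and audit every package.json one level down."""
    results = {}
    for manifest_path in root.glob("*/package.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError) as exc:
            results[manifest_path.parent.name] = [f"unreadable manifest: {exc}"]
            continue
        findings = audit_manifest(manifest)
        if findings:
            results[manifest_path.parent.name] = findings
    return results


# Constructed sample manifests (illustrative; not the real extensions' files).
CLEAN_THEME = {
    "name": "example-dark-theme",
    "contributes": {"themes": [{"label": "Example Dark", "uiTheme": "vs-dark",
                                "path": "./themes/example-dark.json"}]},
}

SUSPICIOUS_THEME = {
    "name": "example-premium-theme",
    "activationEvents": ["*"],
    "main": "./out/extension.js",
    "contributes": {"themes": [{"label": "Premium Dark", "uiTheme": "vs-dark",
                                "path": "./themes/premium.json"}]},
}

if __name__ == "__main__":
    for label, manifest in (("clean", CLEAN_THEME), ("suspicious", SUSPICIOUS_THEME)):
        print(label, audit_manifest(manifest))
    installed = Path.home() / ".vscode" / "extensions"
    if installed.is_dir():
        for name, findings in audit_extensions_dir(installed).items():
            print(name, findings)
```

The check is deliberately narrow: it only reasons about what a theme should look like and about the "*" event, so it will not catch an extension that has a legitimate reason to ship code and hides its payload inside it (the Codo AI pattern). For those, behaviour monitoring is the complement.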
Codo AI, the second malicious extension, did offer genuine functionality: a chat assistant backed by ChatGPT and DeepSeek. Behind the scenes, however, it concealed malicious code, and the working feature set made detection far harder.
The initial payload relied on PowerShell and a password-protected ZIP archive (the password keeps the contents opaque to scanners). Later, the attackers switched to a quieter batch script (.bat.sh) that silently fetched two files:
- Lightshot.exe (a legitimate screenshot tool)
- A malicious DLL
Inside the attack: how data was stolen
Once installed, the extension launched Lightshot.exe so that the legitimate screenshot tool loaded the attackers' DLL in place of one it expected (DLL hijacking, usually called DLL sideloading when the rogue library sits next to the executable). From there, the infostealer went to work:
- Capturing screenshots, clipboard data, running processes, installed programs, and Wi‑Fi credentials
- Harvesting browser cookies and hijacking sessions by launching Chrome and Edge in headless mode
- Stealing crypto wallet details from MetaMask, Phantom, Exodus, and others
Stolen data was staged in %APPDATA%\Local\Evelyn, and the stealer created a mutex (a named, system-wide lock) so that only one copy of itself ran at a time. At the time of reporting, 29 antivirus engines on VirusTotal flagged the DLL as malicious.
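An added example (not the page's own tooling and not code from the extensions or malware discussed) of what "monitor for unusual behaviour" looks like in practice for this chain: a few detection rules run over sample process-creation, image-load and file-create telemetry, in the field shape Sysmon event IDs 1, 7 and 11 produce. The rules cover VS Code spawning a shell, a signed executable in a user-writable folder loading an unsigned DLL from beside itself (the Lightshot.exe pattern, generalised to any such pair), headless Chrome or Edge started by a non-browser parent, and writes into the Evelyn staging folder. The events, the file name helper.dll and the script name update.ps1 are constructed for the example and are not real indicators.

```python
"""Detection logic for the behaviour chain described above, run over sample telemetry.

Added example for this page; it is not the page's own tooling and not code
from the extensions or malware discussed. The events mimic the fields of
Windows process-creation, image-load and file-create telemetry (the shape
Sysmon event IDs 1, 7 and 11 produce) but are constructed for illustration;
helper.dll and update.ps1 are placeholders, not real indicators.
"""
from pathlib import PureWindowsPath

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
BROWSERS = {"chrome.exe", "msedge.exe"}
# Folders an unprivileged user can write to; a binary that loads an unsigned
# DLL from one of these, next to itself, is a classic sideloading signal.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\")
# Staging folder name reported for this campaign (%APPDATA%\Local\Evelyn).
IOC_DIR_NAMES = {"evelyn"}


def _name(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def _parent_dir(path: str) -> str:
    return str(PureWindowsPath(path).parent).lower()


def _in_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def detect(event: dict):
    """Return a reason string if the event matches a rule, else None."""
    kind = event["type"]
    if kind == "process_create":
        parent = _name(event["parent_image"])
        image = _name(event["image"])
        cmd = event.get("command_line", "").lower()
        # Rule 1: the IDE itself should not be launching shells.
        if parent == "code.exe" and image in SHELLS:
            return "VS Code spawned a shell"
        # Rule 2: headless Chrome/Edge started by something that is not a
        # browser (the cookie-theft technique described above).
        if image in BROWSERS and "--headless" in cmd and parent not in BROWSERS:
            return "headless browser launched by a non-browser parent"
    elif kind == "image_load":
        # Rule 3: unsigned DLL loaded from the loading executable's own
        # folder, where that folder is user-writable (Lightshot.exe + DLL).
        if (not event.get("signed", False)
                and _name(event["loaded"]).endswith(".dll")
                and _parent_dir(event["loaded"]) == _parent_dir(event["image"])
                and _in_user_writable(event["image"])):
            return "unsigned DLL loaded from the executable's own user-writable folder"
    elif kind == "file_create":
        # Rule 4: writes into the staging folder named in the report.
        parts = {p.lower() for p in PureWindowsPath(event["target"]).parts}
        if parts & IOC_DIR_NAMES:
            return "file written to known staging directory"
    return None


def run(events: list) -> list:
    """Return (index, event type, reason) for every event that trips a rule."""
    hits = []
    for i, event in enumerate(events):
        reason = detect(event)
        if reason:
            hits.append((i, event["type"], reason))
    return hits


# Constructed sample telemetry: four suspicious events interleaved with benign ones.
SAMPLE_EVENTS = [
    {"type": "process_create", "parent_image": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -File update.ps1"},
    {"type": "process_create", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft VS Code\Code.exe", "command_line": "Code.exe"},
    {"type": "image_load", "image": r"C:\Users\dev\AppData\Local\Temp\Lightshot.exe",
     "loaded": r"C:\Users\dev\AppData\Local\Temp\helper.dll", "signed": False},
    {"type": "image_load", "image": r"C:\Windows\System32\notepad.exe",
     "loaded": r"C:\Windows\System32\kernel32.dll", "signed": True},
    {"type": "process_create", "parent_image": r"C:\Users\dev\AppData\Local\Temp\Lightshot.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": "chrome.exe --headless"},
    {"type": "process_create", "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": "chrome.exe --type=renderer --headless"},
    {"type": "file_create", "target": r"C:\Users\dev\AppData\Local\Evelyn\clipboard.txt"},
    {"type": "file_create", "target": r"C:\Users\dev\Documents\notes.txt"},
]

if __name__ == "__main__":
    for index, kind, reason in run(SAMPLE_EVENTS):
        print(f"event {index} ({kind}): {reason}")
```

Rule 3 is the one worth keeping after this campaign is forgotten: it does not depend on the Lightshot.exe or Evelyn names at all, only on the structural fact that a binary running from a user-writable folder pulled an unsigned DLL from beside itself. Rules 1 and 2 will need tuning in environments where the VS Code integrated terminal or headless-browser test runners are normal, so treat them as triage signals rather than blocking controls.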
What happened - and what you should do now
The good news? Both extensions had low download counts - Bitcoin Black had just one install, and Codo AI fewer than 30. Microsoft acted fast, removing Bitcoin Black on 5 December and Codo AI on 8 December, along with a similar malicious theme called BigBlack.mrbigblacktheme.
But this isn’t an isolated case. Malicious VS Code extensions are part of a growing trend of supply-chain attacks that turn trusted developer tools into malware conduits. Similar recent attacks include:
- GlassWorm, injecting infostealers into VS Code and Open VSX extensions
- A fake Prettier formatter delivering a remote access trojan (RAT)
- Icon themes hiding Rust-based implants
These examples show why vigilance matters. IDE extensions are becoming prime targets for social engineering and malware delivery.
Your safety checklist
To protect your development environment:
- Install extensions only from reputable publishers
- Check the manifest (package.json) before installing: a theme should contribute only JSON files, with no activation events and no script entry point, and an activation event of "*" is a red flag for any extension
- Monitor for unusual behaviour, such as VS Code spawning PowerShell, unexpected network calls, or new processes
Optimise your security
Want to safeguard your development pipeline? Book a free Seven Layers of Security Assessment with our cyber security team. We’ll help you find the gaps in your defences and recommend how to close them, for instance with static code analysis, application monitoring and encryption.
Sources:
- https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-on-microsofts-registry-drop-infostealers/
- https://cybernews.com/security/microsoft-vscode-malicious-extensions/
- https://www.infosecurity-magazine.com/news/malicious-vs-code-extensions/
- https://cyberpress.org/microsoft-registry-vulnerability/
- https://visualstudiomagazine.com/articles/2025/12/08/threat-actors-keep-weaponizing-vs-code-extensions.aspx
Author
Leanne Bevan
Vendor Marketing Manager at Grey Matter
Leanne has been part of our team for over a decade, and has worked as a vendor marketing manager for a number of our key vendors. Now with a keen focus on cyber security as well as developer technologies, Leanne continues to manage marketing across several vendors, including Embarcadero, Acronis, ESET, and more.