Two malicious Visual Studio Code (VSCode) extensions were discovered on Microsoft’s marketplace, infecting developers’ machines with powerful information-stealing malware capable of taking screenshots, harvesting credentials, stealing cryptocurrency wallets, and hijacking browser sessions.
The extensions, called "Bitcoin Black" and "Codo AI", were uploaded by a publisher named "BigBlack" and disguised as a color theme and an AI assistant, respectively. According to researchers at Koi Security, Bitcoin Black immediately caught attention because of its "*" activation event, which makes VS Code load and run the extension's code as soon as the editor starts, regardless of what the user does. Despite posing as a simple color theme, which should need no executable code at all, the extension ran PowerShell commands.
Early versions of Bitcoin Black fetched their payload as a password-protected archive and briefly opened a visible PowerShell window while doing so, which could alert victims. Newer versions instead use a hidden batch script (bat.sh) that calls curl to fetch a DLL and an executable without any visible prompt.
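The two traits called out above, a "*" activation event and an executable entry point in an extension that claims to be a theme, are both visible in the extension's package.json before anything runs. The script below is an added example, not the article's or Koi Security's own tooling: it triages a manifest (and the JavaScript entry script it points at) for those traits, and walks a local extensions directory. The sample manifest, publisher name and script are constructed for illustration, not the real extension's contents.

```python
"""Triage VS Code extension manifests for the traits described above.

Added example, not from the article or from Koi Security. The manifest and
entry script below are constructed; real extensions live under
~/.vscode/extensions/<publisher>.<name>-<version>/package.json.
"""
import json
import re
from pathlib import Path

# "*" in activationEvents means the extension's code runs whenever VS Code
# starts up; no file type, command or view has to be opened first.
WILDCARD_ACTIVATION = "*"

# Extension categories that legitimately ship no executable code at all.
DECLARATIVE_CATEGORIES = {"Themes", "Snippets", "Keymaps"}

# Strings an entry script of a "theme" has no business containing.
SUSPICIOUS_PATTERNS = [
    r"powershell", r"\bcurl\b", r"child_process", r"Invoke-WebRequest",
    r"\.bat\b", r"\.dll\b", r"https?://\S+\.(exe|zip|7z)",
]


def triage_manifest(manifest: dict, entry_script: str = "") -> list[str]:
    """Return human-readable findings for one extension (empty list = clean)."""
    findings = []
    categories = set(manifest.get("categories", []))
    activation = manifest.get("activationEvents", [])
    main_entry = manifest.get("main")

    if WILDCARD_ACTIVATION in activation:
        findings.append('activationEvents contains "*": code runs on every VS Code start')
    declarative = categories & DECLARATIVE_CATEGORIES
    if declarative and main_entry:
        findings.append(f"declared as {sorted(declarative)} but ships "
                        f"executable entry point {main_entry!r}")
    for pattern in SUSPICIOUS_PATTERNS:
        if re.search(pattern, entry_script, re.IGNORECASE):
            findings.append(f"entry script matches {pattern!r}")
    return findings


def triage_extensions_dir(root: Path) -> dict[str, list[str]]:
    """Walk a VS Code extensions directory and triage every package.json found."""
    results = {}
    for manifest_path in root.glob("*/package.json"):
        manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        script = ""
        main_entry = manifest.get("main")
        if main_entry:
            script_path = manifest_path.parent / main_entry
            if script_path.exists():
                script = script_path.read_text(encoding="utf-8", errors="replace")
        findings = triage_manifest(manifest, script)
        if findings:
            results[manifest_path.parent.name] = findings
    return results


# Constructed sample: a "color theme" manifest showing the traits above.
# Publisher and names are placeholders, not the real extension's values.
SAMPLE_MANIFEST = {
    "name": "sample-theme",
    "publisher": "example-publisher",
    "categories": ["Themes"],
    "activationEvents": ["*"],
    "main": "./extension.js",
    "contributes": {"themes": [{"label": "Sample Dark", "path": "./theme.json"}]},
}
SAMPLE_SCRIPT = (
    'const { exec } = require("child_process");\n'
    'exec("powershell -w hidden -c ...");  // constructed, not the real payload\n'
)

if __name__ == "__main__":
    for line in triage_manifest(SAMPLE_MANIFEST, SAMPLE_SCRIPT):
        print("-", line)
    # Against a real install:
    # print(triage_extensions_dir(Path.home() / ".vscode" / "extensions"))
```

A genuine theme contributes only a `themes` entry and needs neither `activationEvents` nor `main`, so the second finding alone is enough reason to open the extension's JavaScript before trusting it.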
Codo AI, while offering working code assistance through ChatGPT or DeepSeek, hid the same malicious functionality. Both extensions drop a legitimate copy of the Lightshot screenshot utility alongside a trojanized DLL. The executable, runtime.exe, loads the malicious DLL through DLL hijacking (side-loading), so the stealer runs under the cover of a benign binary; at the time of writing the info-stealer is detected by 29 of 72 antivirus engines on VirusTotal.
Once active, the malware creates an "Evelyn" directory under %APPDATA%\Local to store harvested data. Stolen information includes system details, clipboard contents, Wi-Fi passwords, installed programs, running processes, browser screenshots, and more. To capture cookies and session tokens it launches Chrome and Edge in headless mode, so the browser runs without a visible window and the session can be hijacked silently. It also targets cryptocurrency wallets such as Phantom, MetaMask, and Exodus, searching for keys and stored credentials.
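The execution chain described in the last few paragraphs (VS Code spawning PowerShell or curl, a binary running out of an extension directory, and a browser launched headless by something other than the browser itself) is all visible in process-creation telemetry. The script below is an added detection example, not from the article or from Koi Security: it applies those three rules to a list of events. The event records are constructed to resemble Sysmon Event ID 1 fields (Image, ParentImage, CommandLine); the field names, paths and the extension directory name are assumptions, not observed indicators.

```python
"""Flag the process chain described above in process-creation telemetry.

Added example, not from the article or from Koi Security. Events are
constructed to look like Sysmon Event ID 1 records; field names, paths and
the extension directory name are assumptions for illustration.
"""
import re
from pathlib import PureWindowsPath

# Shells and downloaders a VS Code process should not be spawning on behalf
# of a colour theme.
LOLBINS = {"powershell.exe", "pwsh.exe", "cmd.exe", "curl.exe",
           "certutil.exe", "bitsadmin.exe"}
BROWSERS = {"chrome.exe", "msedge.exe"}
VSCODE = {"code.exe", "code - insiders.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path ('' for an empty path)."""
    return PureWindowsPath(path).name.lower()


def is_extension_path(path: str) -> bool:
    """True if the path sits under a user's .vscode\\extensions directory."""
    return re.search(r"\\\.vscode\\extensions\\", path, re.IGNORECASE) is not None


def classify(event: dict) -> list[str]:
    """Return the rules one event matches; an empty list means nothing fired."""
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    cmdline = event.get("CommandLine", "").lower()
    hits = []

    # Rule 1: VS Code spawning a shell or downloader (the PowerShell/curl stage).
    if parent in VSCODE and image in LOLBINS:
        hits.append(f"{parent} spawned {image}")

    # Rule 2: a binary executed out of an extension directory (the
    # side-loading host described above, e.g. runtime.exe).
    if is_extension_path(event.get("Image", "")):
        hits.append(f"{image} launched from extension directory")

    # Rule 3: a headless browser started by something other than the browser
    # itself. Chrome/Edge child processes inherit --headless from their own
    # parent, so the parent check keeps ordinary renderer processes quiet.
    if image in BROWSERS and parent not in BROWSERS and "--headless" in cmdline:
        hits.append(f"{image} launched headless by {parent}")
    return hits


def scan(events: list[dict]) -> list[tuple[int, list[str]]]:
    """(index, findings) for every event that matched at least one rule."""
    return [(i, h) for i, e in enumerate(events) if (h := classify(e))]


# Constructed sample telemetry: three malicious steps and two benign events.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "CommandLine": "powershell.exe -w hidden -c ..."},
    {"Image": r"C:\Users\dev\.vscode\extensions\example.sample-theme-1.0.0\runtime.exe",
     "ParentImage": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "CommandLine": "runtime.exe"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Users\dev\.vscode\extensions\example.sample-theme-1.0.0\runtime.exe",
     "CommandLine": "chrome.exe --headless --disable-gpu"},
    {"Image": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "Code.exe"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": "chrome.exe --type=renderer --headless"},
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_EVENTS):
        print(index, "; ".join(findings))
```

Rule 2 is the noisiest of the three in practice, since some legitimate extensions ship native helpers, so it is best treated as context for rules 1 and 3 rather than as an alert on its own.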
Separately, a third wave of the GlassWorm supply-chain campaign has recently been observed, with researchers identifying 24 newly uploaded malicious packages across both the OpenVSX and Microsoft Visual Studio Code marketplaces.