WhiteCobra Targets Developers with Dozens of Malicious Extensions - DevOps.com

WhiteCobra Targets Developers with Dozens of Malicious Extensions - DevOps.com

Briefly

"A threat group is dropping two dozen malicious extensions into the VSCode and Open VSX marketplaces, targeting developers using the VSCode, Cursor, and Windsurf source code editing tools with the goal of draining cryptocurrency wallets. Researchers with security firm Koi Security have been tracking WhiteCobra's activities for more than a year as the bad actors have continued to push new malicious extensions - on a weekly basis - as others are being detected and taken down."

"Koi's Ronen noted that Cole "is not just any victim, he's a security professional with a decade of security experience, hinting on the level of sophistication these attacks have achieved." He wrote that Koi had reported about a new wave of malicious extensions that have since been taken down, but that "WhiteCobra continues to upload new malicious extensions on a weekly basis, including just this week. Making [Cole] far less likely from being the last victim.""

"In August, Zak Cole, an Ethereum developer, reported in a post on X (formerly Twitter) that his crypto wallet was drained. "I've been in crypto for over 10 years and I've Never been hacked. Perfect OpSec record," Cole wrote. "Yesterday, my wallet was drained by a malicious @cursor_ai extension for the first time. If it can happen to me, it can happen to you.""