WhiteCobra Targets Developers with Dozens of Malicious Extensions - DevOps.com

Threat actors are turning developer tools into attack vectors.Koi Security reports that the group WhiteCobra has been uploading malicious VSCode, Cursor, and Windsurf extensions designed to drain cryptocurrency wallets. Victims include experienced developers — one with over a decade of “perfect OpSec” who still lost funds.The group’s leaked playbook reveals just how industrialized these campaigns have become: pre-written social media templates, automated fake downloads to inflate credibility, and revenue projections of $10K an hour — or up to $500K an hour targeting “whale” wallets.The attacks leverage hidden scripts, LummaStealer malware, and manipulation of marketplace trust signals. With ratings and download counts easily faked, even seasoned professionals are vulnerable.Full report 👉 [link]Hashtags:#DevOps #AppSec #CyberSecurity #VSCode #Cursor #CryptoSecurity #DevSecOps