Mastodawn

🚨 Malicious “SleepyDuck” hijacks developer workflows A malicious VS Code extension named #SleepyDuck leverages compromised NPM packages to implant a reverse shell in dev environments, enabling code injection, credential theft and lateral movement. 🔗 read more:

Malicious VSX Extension "Sleep...

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Researchers uncover SleepyDuck RAT hidden in VSX extension, using Ethereum contracts to control infected hosts.

The Hacker News

The DefendOps Diaries Nov 3

A trusted Solidity extension turned traitor – the SleepyDuck Trojan used blockchain to stealthily control developers’ tools. Could your favorite extension be hiding a dark secret?

https://thedefendopsdiaries.com/the-sleepyduck-trojan-how-a-malicious-solidity-extension-exploited-open-vsx/

#sleepyduck
#soliditysecurity
#openvsx
#blockchainmalware
#vscodeextension
#cyberthreats
#malwareanalysis
#developersecurity
#infosec