Find notable cyber news and cases, enriched with sources, timelines, and signals.

Bitcoin Black and Codo AI VS Code extensions delivering infostealer

Malware Activity
First reported
Last updated
Happening score
H score 31
2 unique sources, 2 articles

Summary

Hide ▲

The Bitcoin Black and Codo AI extensions on Microsoft's Visual Studio Code Marketplace are delivering an infostealer to developers' machines, creating immediate risk of stolen credentials, crypto wallets, and browser sessions. The malicious code uses DLL hijacking and hidden download steps to avoid obvious user warnings. The activity matters because compromised developer workstations can expose both local secrets and active online sessions.

Related Happenings

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

Mistic backdoor deployment via ClickFix and DLL side-loading

Malware Activity
H score22 First: 25.06.2026 11:54 Last: 25.06.2026 11:54 Sources 1

About this happening: The **Mistic** backdoor is being used in **financially motivated attacks** against organizations across **insurance, education, IT, and professional services**, raising the risk o...

Edgecution malicious Microsoft Edge extension backdoor activity

Malware Activity
H score23 First: 24.06.2026 23:58 Last: 24.06.2026 23:58 Sources 1

About this happening: The **Edgecution** malware is extending a **Microsoft Edge** browser foothold into host-level compromise by abusing **Chrome Native Messaging** and launching a **Python-based back...

Microsoft AutoGen Studio AutoJack MCP WebSocket command execution security flaw

Vulnerability
H score33 First: 22.06.2026 20:28 Last: 22.06.2026 20:28 Sources 1

About this happening: Microsoft’s **AutoJack** chain exposed **AutoGen Studio** to **arbitrary command execution** for developers building from the main GitHub branch before the hardening commit.

JetBrains Marketplace malicious plugins exfiltrating AI provider keys

Malware Activity
H score12 First: 17.06.2026 12:38 Last: 17.06.2026 12:38 Sources 1

About this happening: A **JetBrains Marketplace** malware operation has pushed **15 malicious plugins** that pose as AI coding assistants and steal **AI provider API keys** from developers. The plugins...

Timeline

  1. 09.12.2025 00:30 2 articles · 7mo ago

    Koi Security reports malicious VS Code extensions on Microsoft's registry

    Initial Disclosure

    Koi Security identified Bitcoin Black and Codo AI on Microsoft's Visual Studio Code Marketplace as malicious extensions that masquerade as a color theme and an AI assistant while delivering an infostealer to developers' machines, with capabilities to steal screenshots, credentials, browser sessions, and crypto wallets.

    Show sources