Fake Solidity VSCode extension on Open VSX backdoors developers

A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source ...
The Hacker News

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Researchers uncover SleepyDuck RAT hidden in VSX extension, using Ethereum contracts to control infected hosts.
Arabian Post

Registry Token Leak Exposes Open VSX Supply-Chain Weakness

Security researchers from Wiz flagged more than 550 exposed secrets within public repositories, among which tokens belonging to Open VSX accounts were identified. The leaked tokens permitted ...