🚨 WhiteCobra campaign uncovered 🚨
⚠️ 24+ malicious extensions uploaded to VSCode, Cursor & Windsurf
⚠️ Fake branding + inflated reviews
⚠️ LummaStealer malware draining wallets & stealing credentials
💬 Should marketplaces vet extensions more rigorously?

#CyberSecurity #WhiteCobra #VSCode

WhiteCobra Targets Developers with Dozens of Malicious Extensions A threat group is dropping two dozen malicious extensions into the VSCode and Open VSX marketplaces, targeting developers using the VSCode, Cursor, and Windsurf source code editing tools with the goal of draining cryptocurrency wallets. Researchers with security firm Koi Security have been tracking WhiteCobra’s activities for more than a year as the bad actors […]

WhiteCobra Targets Developers with Dozens of Malicious Extensions A threat group is dropping two dozen malicious extensions into the VSCode and Open VSX marketplaces, targeting developers using the VSCode, Cursor, and Windsurf source code editing tools with the goal of draining cryptocurrency wallets. Researchers with security firm Koi Security have been tracking WhiteCobra’s activities for more than a year as the bad actors […]

WhiteCobra infiltra 24 estensioni VSCode e Cursor con LummaStealer, rubando crypto e segreti. Campagna, caso zak.eth e difese tecniche.

#Cursor #Lumma #LummaStealer #OpenVSX #VSCode #WhiteCobra
www.matricedigitale.it/2025/09/15/w...

WhiteCobra floods VS Code Marketplace and OpenVSX with malicious VSIX extensions (e.g., contractshark.solidity-lang). One fake package had 54,000 OpenVSX downloads; actor re-uploads removed packages to stay active. #WhiteCobra #VSIX #OpenVSX https://bit.ly/3K0ekZb