A Chrome extension with 7,000 users and a Google Featured badge was recently sold, weaponized, and pushed a malicious update to that executed code through a hidden pixel. Here's how it worked 👇

LimaCharlie released their Agentic SecOps Workspace recently which runs Claude Code in their UI including MCP servers. It's never been so easy to just say 'look at my detections and research the extensions'. Even though 1Password falls under an unapproved policy, at least it isn't malicious!

As predicted - "oorzc" a developer with extensions totalling 25,000 legitimate installs across 4 extensions looks to have had their Open VSX account compromised and published malicious updates. The worst part is this...

The next supply chain worm has been seeded in Open VSX. A cloned Angular extension with 5000 downloads has been available for two weeks and was updated with malware 6 days ago. This multi stage attack uses etherhiding, gcal c2, rust implants, and more. annex.security/blog/worms-l...

Obsidian Security identifies a set of 25 extensions impersonating popular AI providers affecting over 500,000 real users by stealing API keys, prompt poaching, and capturing search queries. It's the wild west in the extension store! www.obsidiansecurity.com/blog/small-t...

If you've had to listen to me over the last couple months, it's likely you would've hear me say that all of our most important apps will have extensions or plugins for integration. Think we're learning from past mistakes?

A browser extension, PasteReady, was listed for sale last May became malicious after an ownership transfer on December 27th. Many organizations have been impacted by extensions which changed hands. @secureannex.com watches for transfers and warns you in advance! www.linkedin.com/pulse/paster...

Pyrefly - Python Language Tooling by Meta is the 4th most used extension in Open VSX. Be careful downloading the 'Pro' version in Cursor hoping you'll get some extra features, it is published by 'casendsabotnu954' who just joined GitHub the other day. Textbook cloning and staging behavior!

Loving a new detection that identifies code extensions published by new and lightly used GitHub accounts.This time it instantly caught an extension impersonating JFrog which already has over 10k downloads.

Not the "pulling a Rabbit out of a hat" magic trick that most want. This Firefox extension completely changes from a "Simple Label Editor" to a Rabby wallet stealer overnight.

A browser extension with over a million users is poaching the prompts of leading AI chat tools. SimilarWeb loads obfuscated remote configuration to collect the prompts, responses and metadata of your conversations. Your private thoughts are analytics companies gain. secureannex.com/blog/prompt-...

These code comments are an improvement from: 1. Request malware 2. Download malware 3. Make malware executable 4. Run malware This is the extent of the extension available in the VS Marketplace. Installs a Mythic agent from the C2.

Monitoring a large influx of AI slop extensions that are reposting a marginally refactored but known malicious package. The marketplace listings are packed with emojis and a couple sections of 'features'. This one made the mistake of linking to an already known piece of malware.

Welcome to Antigravity the newest most advanced agentic AI development tool by Google... ... uses Open VSX for extensions and shows malicious listings to users.

Changing how an extension looks in a marketplace doesn't require new code to be pushed. Check out the magic when this "Test Extension" magically turns into a "solidity" extension after being published. Review the full lineage of a marketplace listing using the new date picker in Secure Annex.

Vibed coded malicious extensions are getting out of hand! This 'theme' downloads a malicious zip, unpacks it, and runs it silently with PowerShell.

16 Firefox extensions with the almost the same name, same permhash requesting the most sensitive permission combinations like <all_urls> and cookies. Something being staged?

Glassworm returned in a big way during the holiday. We're tracking 23 code extensions across the VS Marketplace and Open VSX which copy popular extensions, evade filters, manipulate their download counts, and then update with sinister malware. secureannex.com/blog/glasswo...

Malware in Open VSX and available in Cursor right now tailwind-nuxt.tailwindcss-for-react flutcode.flutter-extension yamlcode.yaml-vscode-extension

Unprecedented code extension attacks this week. All are name squatting on popular tools. Only a couple have had malware deployed, many are still staging, few have been removed from marketplaces. There may be more coming. VS Marketplace: iconkieftwo.icon-theme-materiall 1/3

Imagine how useful it would be if the Chrome Web Store showed you users over time. This ad blocker went from 0 to 40,000 users overnight! 🤔

Going to have to reread Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson in order to keep up with the advanced tactics we're starting to see in VS Code extension malware.

Really excited to being supporting crxaminer.tech with some Secure Annex details. Looking forward to more opportunities to get more information on browser extensions out there!

Mackenzie Jackson is raising a red flag about the risks IDE extensions present. Always on top of the top industry trends. Thanks for letting me share a bit! m.youtube.com/watch?v=FiJ_...

The extension was approved, now what? Are you going back tomorrow to see if it changed? You know they auto update instantly right? Rolling out to Secure Annex - code change alerts. This compares past code with additional context to understand how an extension is changing over time. Catch bad quick!

A brand new unlisted extension with 100,000 users? 41 ratings? Must be really valuable. Nope - completely manipulated stats and it doesn't even contain real code. It exists only to collect your searches and earn Bing Rewards.

We've found code extensions openly call themselves malware in the VS Code marketplace recently and now browser extensions posing as known malicious remote access tools to the Chrome Web Store. What gives?

Attracting a lot of fans these days

Did you know you can manage an allowlist of MCP extensions and MCP servers (yes they're different) used by Claude desktop? If you're a Claude Enterprise customer you can configure these settings centrally and roll them out. This is separate from Claude Code though. Are you using this feature?

Powerful new Detections are added to Secure Annex. These are already catching subtle exploits like unicode extension names that evade other filters, manipulated download counts, and combinations of suspicious signatures in code.

Two of these Cursor extensions will compromise your device the second you hit install. Good luck!

Ridiculously cool that Tines is able to connect to MCP servers now. Understand entirely what any of the browser or code extensions you use might actually be doing. Orchestrate your extension review process or check if "Hello Kitty - You Glow Girl Cute Live Wallpaper" is more than what it says.

Ransomware has appeared in the VS Marketplace and makes me worry. Clearly created through AI, it makes many mistakes like including decryption tools in extension. If this makes it into the marketplace through, what impact would anything more sophisticated cause? secureannex.com/blog/ransomv...

-Couple loses fortune to scammers -Valid accounts still rule the day for initial access -Open VSX rotate leaked creds -ZeroAccess botnet dev is now a software dev -BadCandy flourishes in Australia -New Katreus miner -Malware reports on Aura Stealer, SectopRAT, SleepyDuck RAT, OysterLoader

From North Korean tradecraft to being used in Cursor extensions in two weeks. Etherhiding is a technique where malware can use Ethereum contracts as a resilient C2 channel detailed by Google Oct 15th. It is now appearing in code extensions with the first sighting November 1st.

From North Korean tradecraft to being used in Cursor extensions in two weeks. Etherhiding is a technique where malware can use Ethereum contracts as a resilient C2 channel detailed by Google Oct 15th. It is now appearing in code extensions with the first sighting November 1st.

The SleepyDuck code extension malware is an advanced remote access trojan allowing for remote command execution on any endpoint that installs it. Take down the C2 server? It uses an Ethereum contract to update its settings to a new endpoint. secureannex.com/blog/sleepyd...

If you thought you were ahead by using Windsurf... nope! Check out the @secureannex.com extension to protect yourself from malicious extensions right now. open-vsx.org/extension/se...

Today's edition of pick the right solidity in Cursor. Yes - this IS different than yesterday

Three malicious solidity extensions were published to Open VSX today. Would you be able to tell which is the real one in Cursor? This repeated behavior has been going on since June and anyone can detect it by just matching against 'solidity'. When will progress be made?

Most of us just want a Pikachu sprite dancing on our code, but threat actors want to spoil the fun. Yesterday five malicious VS Code extensions were published, one a Pokemon theme and syntax highlighter, but instead disable Windows Defender and installs a cryptominer secureannex.com/blog/pokemon...

My first response from VS Marketplace support is requesting supporting additional evidence I have that this listing is malware. If anyone can publish an extension with admittedly malicious intent with no response, what does that do for the health of the marketplace?

The "test malware" made it's way into the VS Marketplace easily

🙄🙄🙄

New docs available for Secure Annex! A bunch of new integration and setup guides to integrate with your environment. docs.secureannex.com

Dangerous namesquat for Tailwind just published to Open VSX currently. Caught less than an hour after publishing. Tagged and blocked in Secure Annex.

New, by me at this.weekinsecurity.com: If you're not using ad blockers, you should be! In this deep-dive blog, I explain why ad blockers are critical for your online security and privacy, what threats ad blockers can help defend against, and we'll explore at some of the best ad blockers out there.

None other than @cnn.com serving malware through the ads on its site...

Interesting piece of protestware in the browser extension space. Injects a script that autoplays the Ukrainian national anthem on '.ru' domains.

Secure Annex now has a code editor extension to help manage other extensions. One installation will protect VS Code, Cursor, and Windsurf. Any extension known to be malicious/suspicious will be uninstalled immediately from your editors. Get in touch if you're interested!