Malicious VS Code extensions aimed at developers writing Ethereum smart contracts have been identified as installing malware that pilfers cryptocurrency wallet credentials. The attack is connected to the threat actor MUT-9332, which recently distributed a Monero cryptominer. The malicious extensions are configured to launch with VS Code, initiating a multistage infection chain that installs credential-stealing extensions on Chromium-based browsers. The malware also creates a firewall rule to block Microsoft update and telemetry infrastructure. Users have been advised to vet extensions before use.

Lumma infostealer infected about 10 million systems before global disruption
The FBI has dismantled the LummaC2 malware operation, which infected around 10 million devices and conducted millions of attacks. The malware enabled cybercriminals to steal