Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
29.01.2026
7538
A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware, giving attackers persistent remote access to developer systems.
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware, giving attackers persistent remote access to developer systems. This supply chain attack targeted devs through the official VS Code Marketplace, showing how even trusted platforms can be compromised.
The malicious extension, disguised as a helpful AI coding tool, leveraged ScreenConnect (now ConnectWise Control) to establish remote control. This allowed attackers to execute commands, steal data, and maintain persistence on infected machines—basically a full takeover.
Key details: The attack was discovered by security researchers, highlighting vulnerabilities in open-source ecosystems. It underscores the risks of AI tool hype being exploited for malware distribution. Developers are urged to verify extensions and monitor for unusual activity.
- • Fake Moltbot AI assistant extension on VS Code Marketplace
- • Installs ScreenConnect malware for remote access
- • Targets developers through supply chain attack
- • Uses trusted platform to bypass security checks
- • Enables persistent control and data theft
This incident is a stark reminder: even in 2026, cybercriminals are weaponizing AI trends. Always check extension sources, keep software updated, and use security tools to scan for anomalies. Stay sharp, devs—your code isn't the only thing that needs protecting.
#VS Code extensions#supply chain attacks#malware#fraudulent extensions#fake AI tools
Got a topic? Write to ATLA WIRE on Telegram:t.me/atla_community
