ALERT! $500K Crypto Theft via Malicious Cursor IDE Extension

Just a heads-up for anyone using Cursor or VSCode forks: a malicious “Solidity Language” extension made its way into the Open VSX registry and stole over $500,000 in crypto from a dev.

This wasn’t some sloppy script kiddie job. It silently pulled a PowerShell script from a shady Russian domain, installed ScreenConnect for remote access, and dropped full-on info stealers like Quasar RAT and PureLogs.

Cursor AI IDE is an AI-powered development environment based on Microsoft’s Visual Studio Code. It includes support for Open VSX, an alternative to the Visual Studio Marketplace, that allows you to install VSCode-compatible extensions to expand the software’s functionality.

Kaspersky reports that they were called in to investigate a security incident where a Russian developer working in cryptocurrency reported that $500,000 in crypto was stolen from his computer. The machine had no antivirus software installed, but it was said to be clean.

The worst part? It outranked the legit extension in search just by gaming the algorithm. This wasn’t an accident; it was a calculated supply-chain attack. If you’re coding anything sensitive, especially crypto-related, audit everything or you might be next.

Read more: Malicious VSCode extension in Cursor IDE led to $500K crypto theft

3 Likes
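
One way to start the extension audit the post recommends, as an added example that is not part of the original post or of Kaspersky's report: it walks an unpacked extensions folder and flags any extension whose JavaScript both spawns a process and references PowerShell. The patterns, function names and the `~/.cursor/extensions` path are assumptions made for illustration, and the sample extensions are constructed.

```python
import json
import re
import tempfile
from pathlib import Path

# Heuristics chosen for this example; they are not indicators published in the report.
PATTERNS = {
    "spawns_process": re.compile(r"child_process"),
    "powershell": re.compile(r"powershell|pwsh", re.I),
    "download_exec": re.compile(r"Invoke-WebRequest|Invoke-Expression|DownloadString", re.I),
}

def scan_extension(ext_dir):
    """Return manifest metadata and matched heuristics for one unpacked extension."""
    manifest = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
    hits = set()
    for js in (p for p in ext_dir.rglob("*.js") if p.is_file()):
        text = js.read_text(encoding="utf-8", errors="ignore")
        hits.update(name for name, rx in PATTERNS.items() if rx.search(text))
    # Syntax/language extensions rarely need to launch PowerShell, so review those that do.
    review = {"spawns_process", "powershell"} <= hits
    return {"id": f"{manifest.get('publisher', '?')}.{manifest.get('name', '?')}",
            "version": manifest.get("version", "?"),
            "activation": manifest.get("activationEvents", []),
            "hits": sorted(hits), "review": review}

def audit(root):
    """Scan every extension folder under root; flagged extensions sort first."""
    results = [scan_extension(d) for d in sorted(Path(root).iterdir())
               if (d / "package.json").is_file()]
    return sorted(results, key=lambda r: not r["review"])

def build_sample(root):
    """Write two constructed extensions (one benign, one suspicious) for a dry run."""
    samples = [("good", "syntax", "exports.activate = () => console.log('ready');"),
               ("bad", "syntax", "require('child_process').exec('powershell.exe -File PLACEHOLDER.ps1');")]
    for pub, name, code in samples:
        d = Path(root) / f"{pub}.{name}-1.0.0"
        d.mkdir(parents=True)
        meta = {"publisher": pub, "name": name, "version": "1.0.0", "activationEvents": ["*"]}
        (d / "package.json").write_text(json.dumps(meta))
        (d / "extension.js").write_text(code)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # swap for Path.home()/".cursor"/"extensions" (assumed path)
        build_sample(tmp)
        for r in audit(tmp):
            print("REVIEW" if r["review"] else "ok    ", r["id"], r["version"], r["activation"], r["hits"])
```

A hit is a prompt for manual review, not proof of compromise; extensions that legitimately drive a terminal will also match.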