My organization identified this malware on my laptop. One main channel I could see it ending up on my machine is through Cursor’s OpenVSX marketplace (I do not use OpenVSX in VSCode or otherwise).
The extensions I had that had been modified since Oct 17 (allegedly the time the malware hit the marketplace) are:
jeronimoekerdt.color-picker-universal-2.8.91
eamodio.gitlens-17.6.2
ms-vscode.cmake-tools-1.21.36-universal
twxs.cmake-0.0.17-universal
go2sh.cmake-integration-vscode-0.7.1
josetr.cmake-language-support-vscode-0.0.9
ms-dotnettools.vscode-dotnet-runtime-2.3.6-universal
rust-lang.rust-analyzer-0.3.2660-linux-x64
anysphere.cursorpyright-1.0.10
The puzzling bit is that I couldn’t find any of these in the reported affected extensions…
All in all, take this with a grain of salt, because I have no solid evidence that my computer got it through Cursor, but I hope to raise some awareness amongst Cursor users, who are by default OpenVSX users as well.
Is there a way to switch to MS marketplace or is OpenVSX the only way to use Cursor? In that case, until this malware situation is contained on OpenVSX, it might introduce a non-trivial security risk to use Cursor.
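
The check described in this post (which installed extensions changed since a given date, and whether any of them appear on a published affected list), as an added example that is not part of the original post and not Cursor or OpenVSX tooling. The extensions directory, the cutoff date and the affected-ID file are supplied by the reader, and the function names are hypothetical.

```python
"""List installed extensions changed on/after a cutoff date (added example)."""
import os
import re
import sys
from datetime import datetime, timezone
from pathlib import Path

# Folder naming seen in the post: publisher.name-version[-platform]
DIR_RE = re.compile(
    r"^(?P<publisher>[^.]+)\.(?P<name>.+?)-(?P<version>\d+\.\d+\.\d+)"
    r"(?:-(?P<platform>.+))?$"
)

def newest_mtime(root):
    """Latest mtime of the folder or anything inside it (symlinks not followed)."""
    newest = os.lstat(root).st_mtime
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            newest = max(newest, os.lstat(os.path.join(dirpath, name)).st_mtime)
    return newest

def audit_extensions(ext_dir, cutoff, affected_ids=frozenset()):
    """Return one record per extension folder touched on/after `cutoff` (aware UTC).

    An ordinary auto-update also changes mtime, so a hit is a lead to review,
    not proof of compromise. `affected_ids` holds lowercase publisher.name IDs
    taken from an advisory the reader trusts (none are embedded here).
    """
    findings = []
    for entry in sorted(Path(ext_dir).iterdir()):
        m = DIR_RE.match(entry.name)
        if not m or not entry.is_dir():
            continue  # skip files and folders that do not follow the naming scheme
        changed = datetime.fromtimestamp(newest_mtime(entry), tz=timezone.utc)
        if changed < cutoff:
            continue
        ext_id = f"{m['publisher']}.{m['name']}".lower()
        findings.append({"id": ext_id, "version": m["version"],
                         "platform": m["platform"], "changed": changed,
                         "reported": ext_id in affected_ids})
    return findings

if __name__ == "__main__":
    # Usage: script.py EXT_DIR YYYY-MM-DD [file with one affected ID per line]
    cutoff = datetime.fromisoformat(sys.argv[2]).replace(tzinfo=timezone.utc)
    lines = Path(sys.argv[3]).read_text().splitlines() if len(sys.argv) > 3 else []
    ids = {line.strip().lower() for line in lines if line.strip()}
    for f in audit_extensions(sys.argv[1], cutoff, ids):
        flag = "REPORTED" if f["reported"] else "unlisted"
        print(f"{f['changed']:%Y-%m-%d} {flag:8} {f['id']} {f['version']}")
```

Extensions printed as "unlisted" match the situation in the post: changed after the cutoff but absent from the affected list, which by itself neither clears nor implicates them.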
