- What: The Clawdbot malware is a malicious VS Code extension that steals sensitive data including screen captures and credentials.
- Why: Attackers are targeting developers through fake extensions on the VS Code marketplace, exploiting trust in the development ecosystem.
- Impact: Developers who install the fake extension risk data breaches, credential theft, and potential system compromise.
https://jh.live/hex-rays || Disassemble, decompile and debug with IDA Pro! Use promo code HAMMOND50 for 50% off any IDA Pro product (license discount is only applicable to individuals for any product, not corporations https://hex-rays.com/pricing) and code HAMMOND30 for 30% off any IDA Pro online training https://hex-rays.com/training. Offer expires one year after video release date. https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware https://www.trendmicro.com/en_us/research/26/a/analysis-of-the-evelyn-stealer-campaign.html https://www.koi.ai/blog/the-vs-code-malware-that-captures-your-screen Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter ℹ️ Affiliates: Learn how to code with CodeCrafters: https://jh.live/codecrafters Host your own VPN with OpenVPN: https://jh.live/openvpn Get Blue Team Training and SOC Analyst Certifications with CyberDefenders: https://jh.live/cyberdefense