
Malicious VS Code Extensions Steal Developer Credentials


Microsoft removed two malicious VS Code extensions in early December 2025 after they infected developers with infostealer malware disguised as a Bitcoin theme and an AI coding assistant. Bitcoin Black and Codo AI, published under the name “BigBlack,” stole credentials, crypto wallets, and browser sessions while appearing to be legitimate productivity tools. The incident highlights a 389% surge in malicious VS Code extensions this year, turning the world’s most popular IDE into a prime attack vector.

How Legitimate Tools Became Malware

Bitcoin Black posed as a “premium dark theme inspired by Bitcoin” with 16 installs before Microsoft removed it on December 5. Codo AI, marketed as an “AI-powered coding assistant with ChatGPT and DeepSeek integration,” had 25 installs before removal on December 8. Both extensions were functional, providing real features while running malware in the background.

The attack used DLL hijacking with the legitimate Lightshot screenshot tool. Both extensions bundled Lightshot.exe with a malicious DLL that deployed an infostealer as “runtime.exe” when the legitimate executable launched. Security researcher Idan Dardikman from Koi Security discovered that the malware “steals your WiFi passwords, reads your clipboard, and hijacks your browser sessions.”

The sophistication is alarming. The malware captured screenshots of developers’ displays, harvested credentials through headless browser hijacking, drained crypto wallets, and exfiltrated clipboard contents. The attacker even based the malicious DLL on Lightshot’s original code, using the same mutex identifier to evade detection.

The 2025 Supply Chain Crisis

This isn’t an isolated incident. Malicious VS Code extension detections surged from 27 in 2024 to 105 in the first ten months of 2025, a 389% increase. In October, the GlassWorm worm infected 35,800 developer machines. That same month, Wiz researchers discovered 550+ secrets exposed across 500+ extensions. In November, the fake “prettier-vscode-plus” extension delivered multi-stage malware.

Developer tools have become high-value targets because compromising one developer grants access to entire organizations. Developers maintain credentials to AWS, GitHub, and production systems. VS Code extensions run with user privileges and have broad filesystem and network permissions. The security model has fundamentally shifted from protecting code to protecting the tools used to write code.

According to a Checkmarx report, 81% of organizations admit to knowingly shipping vulnerable code, yet developer security practices lag far behind the threats. The tools developers trust most are now the biggest vulnerability.

Microsoft’s Security Theater

Microsoft’s “Verified Publisher” blue checkmark is misleading. It only requires domain ownership proof, meaning anyone can buy a domain and get verified. There’s no code review for extensions, and attackers bypass malware scanning by publishing benign extensions first, then pushing malicious updates later through auto-updates.

Microsoft does implement security measures including malware scanning with Microsoft Defender, sandboxed environment testing, and secret scanning for API keys (added in 2025 after Wiz’s disclosure). But these measures are reactive, not proactive. The marketplace’s trust model is fundamentally broken.

Microsoft confirmed removing Bitcoin Black, Codo AI, and a third extension “BigBlack.mrbigblacktheme” but hasn’t changed the core marketplace security model. Extensions can still be updated with malware after passing initial vetting.

What Developers Must Do Now

Start by auditing your installed extensions and removing unused ones. Before installing new extensions, verify publisher reputation beyond the “verified” badge. Check ratings, reviews, and download counts. Review the permissions extensions request. If source code is available, review it.

Consider disabling auto-updates or carefully weigh the trade-offs. Install only extensions you actively need. Run development environments as non-admin users and use containers or VMs to isolate development. Maintain an extension inventory for faster incident response.

Organizations should maintain a centralized, team-wide allowlist of approved extensions and conduct regular security audits of development environments. Security awareness training on supply chain risks is no longer optional.

The reality is that no single measure prevents all attacks. Developer security requires a layered approach, and current practices must catch up to the threats. The tools you use to write secure code have become your biggest security risk.
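An added audit script for the steps above (extension inventory, allowlist comparison, and a check for bundled native binaries like the Lightshot.exe/DLL pair); it is not code from the article, Microsoft or Koi Security, and it assumes the `publisher.name@version` output format of `code --list-extensions --show-versions` and the default `~/.vscode/extensions` layout:

```python
"""Inventory installed VS Code extensions, diff them against a pinned allowlist, and flag bundled
native Windows binaries. Added example for this article, not Microsoft's or VS Code's own code."""
import re
from pathlib import Path

NATIVE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".msi"}  # a theme has no business shipping these
# `code --list-extensions --show-versions` prints one publisher.name@version per line.
ID_RE = re.compile(r"^(?P<id>[^@\s]+\.[^@\s]+)(?:@(?P<version>\S+))?$")


def parse_inventory(output: str) -> dict:
    """Map lowercase extension id -> installed version (None if the CLI showed none)."""
    inventory = {}
    for line in output.splitlines():
        m = ID_RE.match(line.strip())
        if m:  # skip blank lines and any non-extension chatter
            inventory[m["id"].lower()] = m["version"]
    return inventory


def check_allowlist(inventory: dict, allowlist: dict) -> list:
    """Return (id, reason) for extensions absent from the allowlist or drifted from a pinned
    version (an auto-update slipped in). allowlist: lowercase id -> version or None (any)."""
    findings = []
    for ext_id, installed in inventory.items():
        if ext_id not in allowlist:
            findings.append((ext_id, "not on allowlist"))
        elif allowlist[ext_id] is not None and installed != allowlist[ext_id]:
            findings.append((ext_id, f"version {installed} != pinned {allowlist[ext_id]}"))
    return findings


def flag_native_files(paths) -> list:
    """Return the relative paths (strings) that are native Windows binaries."""
    return sorted(p for p in paths if Path(p).suffix.lower() in NATIVE_SUFFIXES)


def scan_extensions_root(root) -> dict:
    """Map each extension folder under root (normally ~/.vscode/extensions) to the native
    binaries it bundles; an empty dict means nothing needs a closer look."""
    root, hits = Path(root), {}
    for ext_dir in (d for d in root.iterdir() if d.is_dir()) if root.is_dir() else ():
        rel = [str(p.relative_to(ext_dir)) for p in ext_dir.rglob("*") if p.is_file()]
        if found := flag_native_files(rel):
            hits[ext_dir.name] = found
    return hits


if __name__ == "__main__":
    # Constructed sample CLI output and versions; BigBlack.mrbigblacktheme is the id Microsoft removed.
    SAMPLE = "ms-python.python@2025.1.0\nesbenp.prettier-vscode@11.0.0\nBigBlack.mrbigblacktheme@1.0.0\n"
    ALLOW = {"ms-python.python": "2025.1.0", "esbenp.prettier-vscode": "10.4.0"}
    print(check_allowlist(parse_inventory(SAMPLE), ALLOW))
    print(scan_extensions_root(Path.home() / ".vscode" / "extensions"))
```

Pair the pinned allowlist with `"extensions.autoUpdate": false` in settings.json so a silent update cannot replace a vetted version.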

The Path Forward

As AI coding assistants like Codo AI expand the attack surface, more sophisticated attacks are inevitable. The industry needs a fundamental shift in how developer tools are secured. Open marketplaces need better code review, sandboxing, and verification that goes beyond domain ownership.

Until that happens, trust nothing by default. The Bitcoin Black and Codo AI incidents prove that functional, useful extensions can hide devastating malware. Your IDE is no longer a safe space.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to simplify complex tech concepts, breaking them down into byte-sized and easily digestible information.