3 links tagged with all of: malware + cybersecurity + trojan
Links
A fake VS Code extension called "ClawdBot Agent" was found to be a trojan that installs malware on Windows machines without user interaction. Although it appeared legitimate, it secretly connected to a remote server to deliver malicious payloads. The investigation reveals sophisticated tactics and multiple layers of redundancy in the attack.
Security researchers found a harmful extension in the Open VSX registry that installs a remote access trojan called SleepyDuck. Initially published in a harmless form, the extension received an update shortly after gaining 14,000 downloads that enabled it to access user systems and exfiltrate data. Users are warned to be cautious when downloading extensions from unverified sources.
A hacker is exploiting GitHub by distributing backdoored source code, specifically targeting hackers, gamers, and researchers. The malicious repositories, linked to the publisher "ischhfd83," deploy hidden backdoors through various means, leading to the installation of remote access trojans and info-stealers, which pose significant risks to users who compile the code. Sophos researchers warn of the sophisticated multi-step infection process that follows the download of these trojanized files.