A set of ten malicious VSCode extensions on the Microsoft Visual Studio Code Marketplace has been found to infect users with the XMRig cryptominer for Monero. These extensions masquerade as legitimate tools and execute a PowerShell script to install the malware while also disabling critical Windows security features. Microsoft has since removed the extensions and blocked the publisher from the marketplace.

A browser hijacking campaign has infected 2.3 million users of Chrome and Edge through malicious extensions that started as legitimate tools. These extensions, which include features like color pickers and emoji keyboards, were later updated to include malware that tracks user activity and redirects browser sessions. Microsoft has removed the extensions from its store, but Google has not yet responded to the incident.