All news with #lummastealer tag

WhiteCobra Floods VSCode Market with Malicious Extensions

⚠️ A threat actor known as WhiteCobra has been publishing malicious VSIX extensions across VS Code Marketplace and OpenVSX, targeting users of VSCode, Cursor, and Windsurf with professionally crafted listings. The campaign comprises at least 24 identified extensions and remains active as the actor quickly re-uploads packages after takedown. Installed extensions execute a small loader that fetches platform-specific payloads; on Windows this chain leads to deployment of LummaStealer, while macOS builds execute a malicious Mach-O. Researchers warn that polished icons, forged descriptions, and inflated download counts were used to lend credibility and trick developers into installing the packages.