Fake Moltbot AI Coding Assistant Drops Malware on VS Code
These articles are AI-generated summaries. Please check the original sources for full details.
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
The “ClawdBot Agent - AI Coding Assistant” extension, published by a user named “clawdbot” on January 27, 2026, was found to be malicious: it drops a payload on hosts where it is installed, giving attackers persistent remote access to developer systems. Microsoft removed the extension from the marketplace after cybersecurity researchers flagged it.
Why This Matters
The existence of this malicious extension highlights the risks associated with the rising popularity of AI-powered tools like Moltbot, which has gained over 85,000 stars on GitHub. The lack of a legitimate VS Code extension for Moltbot created an opportunity for threat actors to trick unsuspecting developers into installing the malicious extension, potentially leading to significant security breaches and data theft.
Key Insights
- The malicious extension runs every time the VS Code IDE is launched: it retrieves a file named “config.json” from an external server, which leads to the execution of a binary named “Code.exe” that deploys a legitimate remote desktop program such as ConnectWise ScreenConnect (The Hacker News, 2026).
- The application connects to the URL “meeting.bulletmailer[.]net:8041”, granting the attacker persistent remote access to the compromised host (Aikido researcher Charlie Eriksen).
- Moltbot’s open-source nature and lack of secure-by-default configuration make it an attractive target for attackers looking to steal sensitive corporate data (Token Security).
Working Example
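As an added example (not code from the article or from any of the sources it cites), the following Python script audits a VS Code extensions folder for the two traits described in the Key Insights above: activation on every IDE launch, and hard-coded remote endpoints in the bundled JavaScript. The only real indicator it carries is the endpoint reported for this campaign; the extension directory names, the benign comparison extension and the config.json URL in the fixture are constructed, and bare IP addresses are deliberately not matched.

```python
"""Audit a VS Code extensions folder for startup activation and hard-coded
remote endpoints.  Added example; not code from the article or its sources."""
import json
import re
import tempfile
from pathlib import Path

# Endpoint reported for the ClawdBot extension (from the article, defanging
# brackets removed so it matches what appears in real extension code).
KNOWN_BAD_ENDPOINTS = {"meeting.bulletmailer.net:8041"}

# Activation events that make an extension run on every VS Code launch.
STARTUP_EVENTS = {"*", "onStartupFinished"}

# host[:port] inside an http(s) URL, or a bare host:port literal.  Bare IP
# addresses are deliberately not matched to keep the output readable.
ENDPOINT_RE = re.compile(
    r"https?://((?:[a-z0-9-]+\.)+[a-z]{2,})(?::(\d{2,5}))?"
    r"|\b((?:[a-z0-9-]+\.)+[a-z]{2,}):(\d{2,5})\b",
    re.IGNORECASE,
)


def audit_extension(ext_dir: Path) -> dict:
    """Return findings for one extension directory (the folder holding package.json)."""
    findings = {"id": ext_dir.name, "startup": False,
                "endpoints": set(), "known_bad": set()}
    manifest = ext_dir / "package.json"
    if not manifest.is_file():
        return findings
    data = json.loads(manifest.read_text(encoding="utf-8"))
    events = set(data.get("activationEvents", []))
    findings["startup"] = bool(events & STARTUP_EVENTS)
    # Scan bundled JavaScript: a startup-activated extension that talks to an
    # unfamiliar host:port deserves a closer look even without a known IoC.
    for src in ext_dir.rglob("*.js"):
        text = src.read_text(encoding="utf-8", errors="ignore")
        for m in ENDPOINT_RE.finditer(text):
            host = (m.group(1) or m.group(3)).lower()
            port = m.group(2) or m.group(4)
            endpoint = f"{host}:{port}" if port else host
            findings["endpoints"].add(endpoint)
            if endpoint in KNOWN_BAD_ENDPOINTS:
                findings["known_bad"].add(endpoint)
    return findings


def audit_all(extensions_root: Path) -> list:
    """Audit every extension under a folder such as ~/.vscode/extensions."""
    return [audit_extension(d) for d in sorted(extensions_root.iterdir()) if d.is_dir()]


def risk_level(f: dict) -> str:
    """critical: known IoC; review: runs at startup and contacts remote hosts."""
    if f["known_bad"]:
        return "critical"
    if f["startup"] and f["endpoints"]:
        return "review"
    return "info"


def build_fixture() -> Path:
    """Constructed extensions folder: one benign extension and one modelled on
    the reported behaviour.  Directory ids and the config.json URL are made up."""
    root = Path(tempfile.mkdtemp(prefix="vscode-ext-audit-"))
    benign = root / "acme.formatter-1.0.0"
    benign.mkdir()
    (benign / "package.json").write_text(json.dumps(
        {"name": "formatter", "publisher": "acme",
         "activationEvents": ["onLanguage:python"]}))
    (benign / "extension.js").write_text("module.exports = { activate() {} };\n")

    suspect = root / "clawdbot.clawdbot-agent-0.0.1"
    suspect.mkdir()
    (suspect / "package.json").write_text(json.dumps(
        {"name": "clawdbot-agent", "publisher": "clawdbot",
         "activationEvents": ["*"]}))
    (suspect / "extension.js").write_text(
        "const cfg = 'https://updates.example.invalid/config.json';\n"  # constructed stage-1 URL
        "const rmm = 'meeting.bulletmailer.net:8041';\n"                # endpoint from the article
    )
    return root


if __name__ == "__main__":
    for f in audit_all(build_fixture()):
        print(f"{risk_level(f):9}{f['id']:36} startup={f['startup']} "
              f"endpoints={sorted(f['endpoints'])}")
```

Point `audit_all` at a real extensions folder to use it outside the fixture. Newer extensions may omit `activationEvents` and rely on inferred activation, so treat a missing key as "unknown" rather than "safe" when triaging results.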
Practical Applications
- Use Case: Developers running Moltbot with default configurations should audit their configuration, revoke all connected service integrations, review exposed credentials, implement network controls, and monitor for signs of compromise.
- Pitfall: Running Moltbot with default configurations can lead to credential exposure, prompt injection vulnerabilities, and compromised instances, allowing attackers to gain persistent remote access to developer systems.
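To go with the "monitor for signs of compromise" advice, here is an added example (not from the article or any vendor) of detection logic over endpoint telemetry for the behaviour reported above: it flags a process named Code.exe running outside the usual VS Code install directories, remote-desktop tooling spawned by a Code.exe process, and outbound connections to the reported endpoint. The event schema, host paths and PIDs are constructed, and the ScreenConnect client binary name in the sample is an assumption used only for illustration.

```python
"""Detection logic over endpoint telemetry for the behaviour described in the
article.  Added example; not from the article or any vendor.  All events below
are constructed samples in a made-up JSON-style schema."""
import ntpath

# Endpoint reported for this campaign (from the article, defanging removed).
KNOWN_BAD_ENDPOINTS = {"meeting.bulletmailer.net:8041"}

# Where the genuine VS Code binary lives on Windows (system-wide and per-user
# installs).  Compared case-insensitively against the image's directory.
EXPECTED_VSCODE_DIRS = (
    r"c:\program files\microsoft vs code",
    r"\appdata\local\programs\microsoft vs code",
)

SAMPLE_EVENTS = [  # constructed telemetry; PIDs and paths are made up
    {"type": "process", "pid": 4120,
     "image": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"type": "process", "pid": 5210,
     "image": r"C:\Users\dev\AppData\Local\Temp\Code.exe",
     "parent": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe"},
    {"type": "process", "pid": 5300,  # client binary name is an assumption
     "image": r"C:\Users\dev\AppData\Local\Temp\ScreenConnect.WindowsClient.exe",
     "parent": r"C:\Users\dev\AppData\Local\Temp\Code.exe"},
    {"type": "network", "pid": 5300, "dest": "meeting.bulletmailer.net", "dport": 8041},
    {"type": "network", "pid": 4120, "dest": "marketplace.visualstudio.com", "dport": 443},
]


def is_expected_vscode_path(image: str) -> bool:
    """True when the image sits in one of the expected VS Code install folders."""
    directory = ntpath.dirname(image).lower()
    return any(directory.endswith(d) for d in EXPECTED_VSCODE_DIRS)


def detect(events: list) -> list:
    """Return (rule, pid, detail) tuples.  Rules:
    masquerade   - a process named Code.exe outside the VS Code install dirs
    rmm_from_ide - remote-desktop tooling launched by a Code.exe process
    ioc          - outbound connection to a reported endpoint"""
    alerts = []
    images = {e["pid"]: e["image"] for e in events if e["type"] == "process"}
    for e in events:
        if e["type"] == "process":
            name = ntpath.basename(e["image"]).lower()
            parent = ntpath.basename(e["parent"]).lower()
            if name == "code.exe" and not is_expected_vscode_path(e["image"]):
                alerts.append(("masquerade", e["pid"],
                               f"Code.exe running from {e['image']}"))
            if "screenconnect" in name and parent == "code.exe":
                alerts.append(("rmm_from_ide", e["pid"],
                               f"{name} spawned by {e['parent']}"))
        elif e["type"] == "network":
            endpoint = f"{e['dest'].lower()}:{e['dport']}"
            if endpoint in KNOWN_BAD_ENDPOINTS:
                alerts.append(("ioc", e["pid"],
                               f"{images.get(e['pid'], '?')} -> {endpoint}"))
    return alerts


if __name__ == "__main__":
    for rule, pid, detail in detect(SAMPLE_EVENTS):
        print(f"[{rule}] pid={pid} {detail}")
```

The masquerade rule is the durable one: an indicator such as a domain or port changes between campaigns, but a second binary named Code.exe launched from a temp folder by the real editor stays anomalous regardless of which remote-desktop tool it drops.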