New ‘SleepyDuck’ Malware in Open VSX Marketplace

Source: Cyber Security News

A sophisticated remote access trojan named SleepyDuck has infiltrated the Open VSX IDE extension marketplace, targeting developers. Initially published as version 0.0.7, the extension appeared harmless until a malicious update to version 0.0.8 introduced capabilities that compromised over 14,000 users. This malware particularly targets the popular Solidity development tool, leveraging name squatting to deceive users into downloading what they believe to be a legitimate resource.

What distinguishes this malware is its persistence mechanism, which uses the Ethereum blockchain to maintain control even if its primary server is taken offline. SleepyDuck collects critical machine information and polls its command and control server, sleepyduck[.]xyz, at a fast interval. This architecture not only maintains stealth but also ensures sustained access, making it a troubling evolution in malware that heavily integrates blockchain technology.
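For defenders, the fast polling of sleepyduck[.]xyz described above can be hunted in resolver logs. The following is an added example, not code from the article or from any vendor: the log line format, the sample log, and the 60-second / 3-hit thresholds are assumptions, since the article gives no polling interval.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

C2_IOC = "sleepyduck[.]xyz"  # defanged, exactly as written in the article

# Constructed sample resolver log; hosts, times and line format are assumptions.
SAMPLE_LOG = """\
2025-01-01T10:00:00Z host=dev-01 query=sleepyduck.xyz
2025-01-01T10:00:05Z host=dev-02 query=open-vsx.org
2025-01-01T10:00:30Z host=dev-01 query=sleepyduck.xyz
2025-01-01T10:01:00Z host=dev-01 query=SleepyDuck.xyz.
2025-01-01T10:02:00Z host=dev-03 query=notsleepyduck.xyz
2025-01-01T10:07:00Z host=dev-04 query=sleepyduck.xyz
"""

LINE_RE = re.compile(r"^(\S+)\s+host=(\S+)\s+query=(\S+)$")

def refang(ioc):
    """Turn a defanged indicator back into a matchable, lowercase domain."""
    return ioc.replace("[.]", ".").lower()

def matches(query, domain):
    """True for the domain itself or any subdomain, never for a mere suffix."""
    q = query.lower().rstrip(".")  # DNS names are case-insensitive; drop root dot
    return q == domain or q.endswith("." + domain)

def find_pollers(log_text, ioc=C2_IOC, max_gap_s=60, min_hits=3):
    """Per host: number of lookups of the C2 domain and whether they look like polling."""
    domain = refang(ioc)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not matches(m.group(3), domain):
            continue
        hits[m.group(2)].append(datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ"))
    report = {}
    for host, times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Polling = enough lookups, with a short median gap between them.
        polling = len(times) >= max(min_hits, 2) and median(gaps) <= max_gap_s
        report[host] = {"hits": len(times), "polling": polling}
    return report

if __name__ == "__main__":
    for host, info in sorted(find_pollers(SAMPLE_LOG).items()):
        print(host, info)
```

Any host with even a single hit deserves review. Because the article describes an Ethereum-based fallback for when the primary server is offline, the absence of lookups for this domain does not by itself clear a host.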
