A malicious extension for the Solidity programming language in the Cursor AI IDE led to a $500,000 cryptocurrency theft. The fake extension, downloaded 54,000 times, ranked higher in search results than the legitimate one because of how the ranking algorithm weighted it. It installed malware that downloaded PowerShell scripts, installed remote management software, and deployed data-stealing payloads. The attackers obtained wallet passphrases and stole cryptocurrency. Similar malicious packages were found targeting blockchain developers. The incident highlights the ongoing threat of malicious open-source packages in the crypto industry and the need for caution when downloading tools from package repositories.
Author: AlienVault
Related Tags:
cursor ai
solidity
developers
VMDetector
HEUR:Trojan-PSW.MSIL.PureLogs.gen
Quasar
T1102.002
T1036.004
data theft
Associated Indicators:
70309BF3D2AED946BBA51FC3EEDB2DAA3E8044B60151F0B5C1550831FBC6DF17
2C471E265409763024CDC33579C84D88D5AAF9AEA1911266B875D3B7604A0EEB
EB5B35057DEDB235940B2C41DA9E3AE0553969F1C89A16E3F66BA6F6005C6FA8
84D4A4C6D7E55E201B20327CA2068992180D9EC08A6827FAA4FF3534B96C3D6F
404DD413F10CCFEEA23BFB00B0E403532FA8651BFB456D84B6A16953355A800A
lmfao.su
angelic.su
staketree.net
https://staketree.net/2.txt