Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Sasken Partners with VicOne to Deliver End-to-End Automotive Cybersecu...
Ricoh named in TIME World’s Best Companies of 2025 for employee ...
SU Group Holdings Receives Notice of Delisting from Nasdaq Due to Mini...
Fescaro, TUV Nord join forces on auto cybersecurity compliance
Four high-severity flaws found in ERP firm’s products threaten million...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      Combating the surge in Asia Pacific credential abuse and ransomware

      Combating the surge in Asia Pacific credential abuse and ransomware

      Wednesday, September 17, 2025, 5:06 PM Asia/Singapore | Features
    • Featured

      The rise of digital wallets: What businesses in APAC need to know

      The rise of digital wallets: What businesses in APAC need to know

      Tuesday, September 2, 2025, 1:59 PM Asia/Singapore | Features
    • Featured

      Resilience the true benchmark for smart infrastructure

      Resilience the true benchmark for smart infrastructure

      Wednesday, August 27, 2025, 8:21 PM Asia/Singapore | Features, IoT Security
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

News

Malicious extension in open code marketplace causes US$500k cryptocurrency theft from developer

By CybersecAsia editors | Thursday, July 17, 2025, 2:37 PM Asia/Singapore

Malicious extension in open code marketplace causes US$500k cryptocurrency theft from developer

Attackers exploited an open-source extension vulnerability to install malware, harvest sensitive credentials, and exfiltrate high-value cryptocurrency before takedown.

A fake software extension for the Cursor AI development environment, which leverages technologies from Visual Studio Code, has resulted in a Russian blockchain developer losing US$500,000 in cryptocurrency after unwittingly installing and using it.

The compromised extension, falsely presented as “Solidity Language” in the Open VSX marketplace, was promoted to the top of search results through artificial inflation of its download count to 54,000 to boost interest.

The incident, which first occurred in June 2025, is only now coming to light after the completion of several investigative stages. Cybersecurity experts required extensive time for forensic analysis to fully uncover the attack method:

  • Upon installation, the extension added no genuine functionality but instead ran a PowerShell script that deployed ScreenConnect, granting attackers remote access to the victim’s system.
  • This access enabled attackers to install additional malware, including the Quasar backdoor and PureLogs infostealer, which harvested sensitive data such as browser credentials and wallet seed phrases, facilitating the theft of digital assets.
  • Investigation and reporting were delayed due to the need for:
    • Comprehensive malware analysis and attribution
    • Ongoing remediation efforts as the attackers republished the malicious package, eventually inflating its download count to nearly two million
    • Victim confidentiality concerns and asset-tracing attempts with law enforcement
    • Coordinated takedown and industry alerts to prevent further infections and inform the broader developer community.

This case exposes persistent risks within open-source developer tool marketplaces, particularly where ranking algorithms and moderation practices can be abused. It highlights how attackers leverage trust in popular AI and coding environments to target crypto-focused developers with sophisticated social engineering and technical exploits.

According to a spokesperson for Kaspersky, the firm that disclosed the incident: “Spotting compromised open-source packages with the naked eye is becoming increasingly difficult. Threat actors are using increasingly creative tactics to deceive potential victims, even developers who have a strong understanding of cybersecurity risks — particularly those working in the blockchain development field.”

Share:

PreviousHow to detect and contain evasive lateral threats in hybrid cloud environments
NextSurvey of SMEs reveals most feel ready for cyber incidents, but few meet advanced security standards

Related Posts

To use or not to use GenAI for cybersecurity… that is the question

To use or not to use GenAI for cybersecurity… that is the question

Wednesday, October 23, 2024

Potential “repojacking” in GitHub could have landed the world in deep trouble

Potential “repojacking” in GitHub could have landed the world in deep trouble

Monday, November 7, 2022

World’s second largest textile hub lacking in security awareness

World’s second largest textile hub lacking in security awareness

Friday, November 20, 2020

Know the top 3 challenges of adopting hacker-powered security

Know the top 3 challenges of adopting hacker-powered security

Tuesday, July 21, 2020

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • CISOs can navigate emerging risks from autonomous AI with a new security framework

    CISOs can navigate emerging risks from autonomous AI with a new security framework

    See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
  • MoneyMe strengthens fraud prevention and credit decisioning

    MoneyMe strengthens fraud prevention and credit decisioning

    Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more
  • Operationalizing sustainability in cybersecurity: Group-IB’s approach

    Operationalizing sustainability in cybersecurity: Group-IB’s approach

    See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.