Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
AI agents are turning “always‑on” access into a ghost admin problem...
Sports loses trust as fans compete with bots
US Treasury sanctions VPN provider accused of supporting ransomware op...
US CISA advisory highlights ongoing state-sponsored attacks on routers...
CloudMile and Tookitaki Sign MoU to Strengthen AI-Driven Financial Cri...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      S E Asia governments targeted by cyber-espionage group

      S E Asia governments targeted by cyber-espionage group

      Tuesday, June 23, 2026, 8:00 AM Asia/Singapore | Features
    • Featured

      Rethinking network and infrastructure design for resilience

      Rethinking network and infrastructure design for resilience

      Thursday, June 18, 2026, 2:17 PM Asia/Singapore | Features
    • Featured

      Bringing cybercriminals to justice in APAC

      Bringing cybercriminals to justice in APAC

      Thursday, June 11, 2026, 10:30 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • AWARDS 2026
  • Directory
  • E-Learning

Select Page

News

Malicious extension in open code marketplace causes US$500k cryptocurrency theft from developer

By CybersecAsia editors | Thursday, July 17, 2025, 2:37 PM Asia/Singapore

Malicious extension in open code marketplace causes US$500k cryptocurrency theft from developer

Attackers exploited an open-source extension vulnerability to install malware, harvest sensitive credentials, and exfiltrate high-value cryptocurrency before takedown.

A fake software extension for the Cursor AI development environment, which leverages technologies from Visual Studio Code, has resulted in a Russian blockchain developer losing US$500,000 in cryptocurrency after unwittingly installing and using it.

The compromised extension, falsely presented as “Solidity Language” in the Open VSX marketplace, was promoted to the top of search results through artificial inflation of its download count to 54,000 to boost interest.

The incident, which first occurred in June 2025, is only now coming to light after the completion of several investigative stages. Cybersecurity experts required extensive time for forensic analysis to fully uncover the attack method:

  • Upon installation, the extension added no genuine functionality but instead ran a PowerShell script that deployed ScreenConnect, granting attackers remote access to the victim’s system.
  • This access enabled attackers to install additional malware, including the Quasar backdoor and PureLogs infostealer, which harvested sensitive data such as browser credentials and wallet seed phrases, facilitating the theft of digital assets.
  • Investigation and reporting were delayed due to the need for:
    • Comprehensive malware analysis and attribution
    • Ongoing remediation efforts as the attackers republished the malicious package, eventually inflating its download count to nearly two million
    • Victim confidentiality concerns and asset-tracing attempts with law enforcement
    • Coordinated takedown and industry alerts to prevent further infections and inform the broader developer community.

This case exposes persistent risks within open-source developer tool marketplaces, particularly where ranking algorithms and moderation practices can be abused. It highlights how attackers leverage trust in popular AI and coding environments to target crypto-focused developers with sophisticated social engineering and technical exploits.

According to a spokesperson for Kaspersky, the firm that disclosed the incident: “Spotting compromised open-source packages with the naked eye is becoming increasingly difficult. Threat actors are using increasingly creative tactics to deceive potential victims, even developers who have a strong understanding of cybersecurity risks — particularly those working in the blockchain development field.”

Share:

PreviousHow to detect and contain evasive lateral threats in hybrid cloud environments
NextSurvey of SMEs reveals most feel ready for cyber incidents, but few meet advanced security standards

Related Posts

Take note: fraudsters are digitalizing faster than the FI industry!

Take note: fraudsters are digitalizing faster than the FI industry!

Wednesday, February 15, 2023

Keep your eye on the SPARROW that exploits LTE, 5G wireless networks

Keep your eye on the SPARROW that exploits LTE, 5G wireless networks

Tuesday, September 28, 2021

If you are a Twitch user, do these two things quickly!

If you are a Twitch user, do these two things quickly!

Monday, October 11, 2021

Protect only high- and medium- sensitivity data: the rest is dispensable, right?

Protect only high- and medium- sensitivity data: the rest is dispensable, right?

Tuesday, October 10, 2023

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
  • Zero Trust Made Simple: Why it matters and how to get started

    Zero Trust Made Simple: Why it matters and how to get started

    Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
  • Cloud Secure Edge: Remote access, better security

    Cloud Secure Edge: Remote access, better security

    ​SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
  • Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
  • Cyber protection for medical clinics in Singapore

    Cyber protection for medical clinics in Singapore

    As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
  • India’s WazirX strengthens governance and digital asset security

    India’s WazirX strengthens governance and digital asset security

    Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
  • Bangladesh LGED modernizes communication while addressing data security concerns

    Bangladesh LGED modernizes communication while addressing data security concerns

    To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

  • CloudMile and Tookitaki Sign MoU to Strengthen AI-Driven Financial Crime Prevention in Malaysia

    Wednesday, July 15, 2026
    KUALA LUMPUR, Malaysia, July 15, …Read More »
  • VIDA Demonstrates How Passwordless Authentication Can Break the Scam Chain

    Monday, July 13, 2026
    KUALA LUMPUR, Malaysia, July 13, …Read More »
  • Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deployment at QNET

    Wednesday, July 8, 2026
    The Sparsa AI Enterprise Operating …Read More »
  • Conifers AI Opens Singapore Data Region, Bringing Local Data Residency to Asia-Pacific Security Teams

    Wednesday, July 8, 2026
    With data regions now spanning …Read More »
  • DXC Opens Flagship AI-first Customer Experience Center in Bengaluru

    Tuesday, July 7, 2026
    Strengthens DXC’s India presence with …Read More »
  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 CybersecAsia All Rights Reserved.