Hackers Steal $500,000 in Crypto Assets by Weaponizing AI Extension
A sophisticated cybercrime operation has successfully stolen $500,000 in cryptocurrency assets from a Russian blockchain developer through a malicious extension targeting the Cursor AI integrated development environment.
The attack, which occurred in June 2025, represents a concerning evolution in supply chain attacks that exploit the growing popularity of AI-assisted development tools.
The incident began when the victim, a security-conscious developer who had recently installed a fresh operating system, searched for a Solidity syntax highlighting extension within the Cursor AI IDE.
Despite using online malware detection services and maintaining strict security practices, the developer inadvertently installed a malicious package that masqueraded as a legitimate development tool.
The fake extension, published under the name “Solidity Language,” had accumulated 54,000 downloads before being detected and removed.
What makes this attack particularly insidious is its exploitation of search ranking algorithms to position the malicious extension above legitimate alternatives.
The attackers leveraged the Open VSX registry’s relevance-based ranking system, which considers factors including recency of updates, download counts, and ratings.
By giving their malicious extension a more recent update date (June 15, 2025, against the legitimate extension’s May 30, 2025 update), the cybercriminals pushed their package to fourth place in the search results while the authentic extension ranked eighth.
Securelist analysts identified the malware after conducting a forensic analysis of the victim’s compromised system.
The investigation revealed that the malicious extension contained no actual syntax highlighting functionality, instead serving as a dropper for a multi-stage attack chain.
Infection Chain
The malware’s infection mechanism demonstrates a sophisticated understanding of both social engineering and technical evasion techniques.
[Image, caption truncated: “... and legitimate (green) extensions” (Source: Securelist)]
Upon installation, the malicious extension.js file, located at %userprofile%\.cursor\extensions\solidityai.solidity-1.0.9-universal\src\extension.js, immediately initiated contact with the command and control server at angelic[.]su.
The initial PowerShell script retrieved from https://angelic[.]su/files/1.txt checked for the presence of the ScreenConnect remote management software on the victim’s machine.
If ScreenConnect was not detected, the malware downloaded a secondary script from https://angelic[.]su/files/2.txt, which then retrieved the ScreenConnect installer from https://lmfao[.]su/Bin/ScreenConnect.ClientSetup.msi.
This legitimate remote access tool was configured to communicate with the attackers’ infrastructure at relay.lmfao[.]su, providing persistent access to the compromised system.
The use of legitimate administrative tools represents a common tactic employed by advanced persistent threat actors to blend malicious activity with normal system operations.
The attack infrastructure reveals a well-organized operation extending beyond this single incident.
Researchers discovered related malicious packages including “solsafe” in the npm repository and three additional Visual Studio Code extensions: solaibot, among-eth, and blankebesxstnion, all employing identical infection methodologies and communicating with the same command and control infrastructure.
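Two observations in the write-up are directly usable for triage: the fake extension contained no actual syntax-highlighting functionality, and its only job was to run code that spawned PowerShell and reached out to the listed hosts. A genuine grammar extension declares its languages and grammars in package.json (the `contributes.languages` and `contributes.grammars` fields of the VS Code / Open VSX manifest format) and needs no executable `main` entry point at all, so a “Solidity Language” extension with no grammar but a startup-activated script is the wrong shape before a single line of its code is read. The scanner below, an added example rather than Securelist’s tooling or anything from Cursor, walks an extensions directory and applies both checks. Only the two C2 hostnames and the `.cursor\extensions` location come from the article; the publisher names, folder names, sample manifests and the stub extension.js are constructed for the demonstration.

```python
"""Triage IDE extensions that claim to be a language / syntax-highlighting
extension but ship an executable entry point that behaves like a dropper.

Added example for this article; not Securelist's tooling or Cursor's own code.
Only the C2 hostnames and the '.cursor\\extensions' location come from the
write-up; every other name, path and sample file here is constructed.
"""
import json
import re
import tempfile
from pathlib import Path

# Hosts named in the write-up (defanged there; plain here so they match on disk).
KNOWN_C2_HOSTS = ("angelic.su", "lmfao.su")

# Code patterns a grammar-only extension has no reason to contain.
SUSPICIOUS_CODE = {
    "spawns_process": re.compile(r"child_process|execSync|spawn\s*\(", re.I),
    "invokes_powershell": re.compile(r"powershell(\.exe)?\b|\bpwsh\b", re.I),
    "remote_script_exec": re.compile(
        r"Invoke-WebRequest|DownloadString|Invoke-Expression|Start-BitsTransfer", re.I),
    "known_c2_host": re.compile("|".join(re.escape(h) for h in KNOWN_C2_HOSTS), re.I),
}


def inspect_extension(ext_dir: Path) -> dict:
    """Return an id, a list of finding codes and a risk level for one extension."""
    manifest = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
    ext_id = (f"{manifest.get('publisher', '?')}.{manifest.get('name', '?')}"
              f"-{manifest.get('version', '?')}")
    findings = []

    # A real syntax-highlighting extension declares its languages/grammars in
    # package.json and needs no executable entry point at all.
    contributes = manifest.get("contributes", {})
    declares_grammar = bool(contributes.get("grammars") or contributes.get("languages"))
    blurb = f"{manifest.get('displayName', '')} {manifest.get('description', '')}"
    claims_language = ("Programming Languages" in manifest.get("categories", [])
                       or re.search(r"language|syntax|highlight", blurb, re.I) is not None)
    if claims_language and not declares_grammar:
        findings.append("no_grammar_contribution")

    main = manifest.get("main")
    if main and "*" in manifest.get("activationEvents", []):
        findings.append("activates_on_startup")  # runs as soon as the IDE opens

    if main:
        entry = ext_dir / main  # manifests use paths like "./src/extension.js"
        if entry.is_file():
            code = entry.read_text(encoding="utf-8", errors="replace")
            findings.extend(name for name, rx in SUSPICIOUS_CODE.items() if rx.search(code))

    code_hits = [f for f in findings if f in SUSPICIOUS_CODE]
    risk = "high" if code_hits else ("medium" if findings else "clean")
    return {"id": ext_id, "path": str(ext_dir), "findings": findings, "risk": risk}


def scan_extensions_root(root: Path) -> list:
    """Inspect every extension folder (one holding a package.json) under root.
    For Cursor on Windows the write-up places this at %userprofile%\\.cursor\\extensions."""
    return [inspect_extension(p) for p in sorted(root.iterdir())
            if (p / "package.json").is_file()]


def build_sample_tree(root: Path) -> None:
    """Constructed sample: one grammar-only extension and one lookalike dropper."""
    benign = root / "goodpub.solidity-0.0.1"  # constructed publisher and folder
    (benign / "syntaxes").mkdir(parents=True)
    (benign / "package.json").write_text(json.dumps({
        "name": "solidity", "publisher": "goodpub", "version": "0.0.1",
        "displayName": "Solidity", "categories": ["Programming Languages"],
        "contributes": {
            "languages": [{"id": "solidity", "extensions": [".sol"]}],
            "grammars": [{"language": "solidity", "scopeName": "source.solidity",
                          "path": "./syntaxes/solidity.tmLanguage.json"}],
        },
    }), encoding="utf-8")
    (benign / "syntaxes" / "solidity.tmLanguage.json").write_text("{}", encoding="utf-8")

    lookalike = root / "fakepub.solidity-1.0.9-universal"  # constructed publisher and folder
    (lookalike / "src").mkdir(parents=True)
    (lookalike / "package.json").write_text(json.dumps({
        "name": "solidity", "publisher": "fakepub", "version": "1.0.9",
        "displayName": "Solidity Language", "categories": ["Programming Languages"],
        "activationEvents": ["*"], "main": "./src/extension.js",
    }), encoding="utf-8")
    (lookalike / "src" / "extension.js").write_text(
        "// constructed stand-in for the dropper entry point described in the write-up\n"
        "const cp = require('child_process');\n"
        "// stage one was fetched from https://angelic.su/files/1.txt and handed to PowerShell\n"
        "cp.exec('powershell.exe -File stage1.ps1');\n",
        encoding="utf-8")


def run_demo() -> dict:
    """Build the constructed tree in a temp dir, scan it, and key results by extension id."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return {r["id"]: r for r in scan_extensions_root(root)}


if __name__ == "__main__":
    for report in run_demo().values():
        print(f"{report['risk']:>6}  {report['id']}: {', '.join(report['findings']) or '-'}")
```

Point `scan_extensions_root` at a real extensions directory to use it outside the demo. The structural check is the one worth keeping even after the listed hosts rotate: a language extension that declares no grammar but insists on running code at startup has no legitimate reason to exist, and that mismatch survives any change of infrastructure.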