
    Fake Moltbot AI assistant just spreads malware – so AI fans, watch out for scams


    • Hackers published fake VSCode extension posing as Moltbot AI assistant
    • Extension carried trojan using remote desktop and layered loaders
    • Attack quickly detected and stopped, but Moltbot’s site flagged dangerous

    Hackers have hijacked the good name of Moltbot and used it to deliver malware to countless unsuspecting users – but fortunately, the attack was quickly spotted and stopped.

    Moltbot is open source personal AI assistant software that runs locally on a user’s computer or server (as opposed to cloud-based alternatives) and lets users interact with large language models (LLMs) and automate different tasks. However, since it runs locally with deep system access, some security researchers urged users to be careful, as misconfigurations could expose sensitive data and lead to different hacking attempts.

    Moltbot was originally called Clawdbot, but was recently renamed to avoid trademark issues, and is one of the more popular AI tools out there, with more than 93,000 stars on GitHub at press time. Its website, however, is currently flagged as “dangerous”.

    Despite being a rising star in the world of AI assistants, Moltbot did not have a Microsoft Visual Studio Code (VSCode) extension.

    Cybercriminals took advantage of that fact and published one, called “ClawBot Agent – AI Coding Assistant”. The extension worked as intended, but it also carried a “fully functioning trojan”, security researchers at Aikido explained. The trojan was deployed through a weaponized instance of a legitimate remote desktop solution.

    In truth, cybercriminals could have also typosquatted an extension with similar results, but being the only ones on the official Extension Marketplace definitely made their job easier.

    What also made the malware dangerous was the effort put into making it look legitimate. “Professional icon, polished UI, integration with seven different AI providers (OpenAI, Anthropic, Google, Ollama, Groq, Mistral, OpenRouter),” Aikido explained.

    The attackers also went the extra mile to hide their true intentions:

    “The layering here is impressive. You’ve got a fake AI assistant dropping legitimate remote access software configured to connect to attacker infrastructure, with a Rust-based backup loader that fetches the same payload from Dropbox disguised as a Zoom update, all staged in a folder named after a screenshot application. Each layer adds confusion for defenders.”
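
    Because Moltbot had no official VSCode extension, any installed extension whose manifest uses the Moltbot, Clawdbot or ClawBot name deserves a look. The script below is an added example, not code from Aikido or the Moltbot project; it assumes the default desktop extensions folder `~/.vscode/extensions`, and the function name `find_brand_claims` is hypothetical.

```python
import json
import re
from pathlib import Path

# Brand names taken from the article: Moltbot, its former name Clawdbot,
# and the "ClawBot" spelling used in the fake extension's display name.
BRAND_PATTERN = re.compile(r"molt\s*bot|clawd?\s*bot", re.IGNORECASE)

# Manifest fields that a marketplace listing shows to the user.
FIELDS = ("name", "displayName", "publisher", "description")


def find_brand_claims(extensions_dir):
    """Return one finding per installed extension whose manifest uses the brand.

    Limitation: manifests that localize displayName through a "%key%"
    placeholder (resolved from package.nls.json) are not expanded here.
    """
    findings = []
    for manifest in sorted(Path(extensions_dir).glob("*/package.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: nothing to inspect
        if not isinstance(data, dict):
            continue
        hits = [
            field for field in FIELDS
            if isinstance(data.get(field), str) and BRAND_PATTERN.search(data[field])
        ]
        if hits:
            findings.append({
                "folder": manifest.parent.name,
                "publisher": data.get("publisher"),
                "matched": hits,
            })
    return findings


if __name__ == "__main__":
    # Assumed default location for VS Code desktop; adjust for other builds.
    for finding in find_brand_claims(Path.home() / ".vscode" / "extensions"):
        print(finding)
```

    A hit is a prompt to review the extension and its publisher, not proof of compromise.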

    Via The Hacker News

