- Hackers published a fake VSCode extension posing as the Moltbot AI assistant.
- The extension carried a Trojan using remote desktop and layered loaders.
- The attack was quickly detected and stopped, but the Moltbot site was flagged as dangerous.
Hackers have taken over Moltbot’s good name and used it to deliver malware to countless unsuspecting users, but fortunately the attack was quickly detected and stopped.
Moltbot is an open source personal AI assistant that runs locally on a user’s computer or server (as opposed to cloud-based alternatives) and lets users interact with large language models (LLMs) and automate different tasks. However, because it runs locally with deep system access, some security researchers have urged users to be careful, as incorrect configurations could expose sensitive data and lead to different hacking attempts.
Moltbot was originally called Clawdbot, but was recently renamed to avoid trademark issues. It is one of the most popular AI tools out there, with over 93,000 stars on GitHub at the time of publication. However, its website is currently marked as “dangerous.”
Moltbot phishing
Despite being a rising star in the world of AI assistants, Moltbot did not have a Microsoft Visual Studio Code (VSCode) extension.
Cybercriminals took advantage of that fact and published one called “ClawBot Agent – AI Coding Assistant”. The extension worked as intended, but also contained a “fully functioning Trojan,” Aikido security researchers explained. The Trojan was deployed via a weaponized instance of a legitimate remote desktop solution.
In truth, cybercriminals could have also written an extension with similar results, but being the only ones on the official Extension Marketplace definitely made their job easier.
What also made the malware dangerous was the effort put into making it look legitimate. “Professional icon, polished user interface, integration with seven different AI vendors (OpenAI, Anthropic, Google, Ollama, Groq, Mistral, OpenRouter),” Aikido explained.
The attackers also went the extra mile to hide their true intentions:
“The layers here are impressive. You have a fake AI assistant that launches legitimate remote access software configured to connect to the attacker’s infrastructure, with a Rust-based backup loader that retrieves the same payload from Dropbox disguised as a Zoom update, all organized in a folder named after a screenshot app. Each layer adds confusion for defenders.”
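A defender-side check for the gap described above (Moltbot had no official VSCode extension, so any installed extension using its names deserves review), as an added example that is not from the article or from Aikido: it scans an extensions folder's `package.json` manifests and resolves localized `%key%` display names. The function names and sample publishers are hypothetical, the sample data is constructed, and no publisher is trusted unless passed in.

```python
import json, re, tempfile
from pathlib import Path

BRANDS = ("moltbot", "clawdbot", "clawbot")  # names taken from the article

def _norm(text):  # lowercase, strip punctuation: "Claw-Bot" -> "clawbot"
    return re.sub(r"[^a-z0-9]", "", str(text).lower())

def _load(path):
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def audit_extensions(ext_root, brands=BRANDS, trusted_publishers=()):
    """Return (folder, publisher, brand) per extension using a watched name."""
    trusted, findings = {p.lower() for p in trusted_publishers}, []
    for manifest in sorted(Path(ext_root).glob("*/package.json")):
        pkg, nls = _load(manifest), _load(manifest.with_name("package.nls.json"))
        fields = []
        for key in ("name", "displayName"):
            value = str(pkg.get(key, ""))
            # "%key%" placeholders are localized strings kept in package.nls.json
            if len(value) > 2 and value[0] == value[-1] == "%":
                value = str(nls.get(value[1:-1], ""))
            fields.append(_norm(value))
        publisher = str(pkg.get("publisher", "")).lower()
        hit = next((b for b in brands if any(b in f for f in fields)), None)
        if hit and publisher not in trusted:
            findings.append((manifest.parent.name, publisher, hit))
    return findings

def build_demo_tree():
    root = Path(tempfile.mkdtemp())
    samples = [  # constructed: (publisher, name, displayName, package.nls.json)
        ("examplepub", "clawbot-agent", "ClawBot Agent – AI Coding Assistant", {}),
        ("otherpub", "helper", "%title%", {"title": "Molt-Bot Helper"}),
        ("thirdpub", "json-tools", "JSON Tools", {}),
    ]
    for publisher, name, display, nls in samples:
        folder = root / f"{publisher}.{name}-1.0.0"
        folder.mkdir()
        pkg = {"publisher": publisher, "name": name, "displayName": display}
        (folder / "package.json").write_text(json.dumps(pkg), encoding="utf-8")
        (folder / "package.nls.json").write_text(json.dumps(nls), encoding="utf-8")
    return root

if __name__ == "__main__":
    print(audit_extensions(build_demo_tree()))
```

On a default desktop install the folder to pass is `~/.vscode/extensions`. A hit means the name is in use, not that the extension is malicious.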
Via Hacker News