Intelligence Tag

SleepyDuck

A malicious VS Code extension using Ethereum for C2.

2 intelligence briefs
  • SleepyDuck Malware Evolves with Ethereum C2 Resilience


    A new, sophisticated remote access trojan dubbed “SleepyDuck” has been discovered in the Open VSX registry, a marketplace for IDE extensions. Initially published as a benign extension on October 31, 2025, it was updated on November 1, 2025, to include malicious capabilities and has since garnered over 14,000 downloads.

    1–2 minutes
  • Malicious VSX Extension “SleepyDuck” Leverages Ethereum for Command and Control


    A malicious VSX extension dubbed “SleepyDuck” has been discovered in the Open VSX registry, using the Ethereum blockchain for its command and control (C2) infrastructure. Initially distributed as a legitimate Solidity development tool, the extension was updated to include malicious functionality, posing a significant threat to developers.

    2–3 minutes