SleepyDuck

A malicious VS Code extension using Ethereum for C2.

Threat Actors

SleepyDuck Malware Evolves with Ethereum C2 Resilience

A new sophisticated remote access trojan, dubbed “SleepyDuck,” has been discovered in the Open VSX registry, a marketplace for IDE extensions. Initially published as a benign extension on October 31,…
Read more →

Elles De Yeager

·

Nov 4, 2025

·

1–2 minutes
Threat Actors

Malicious VSX Extension “SleepyDuck” Leverages Ethereum for Command and Control

A malicious VSX extension dubbed “SleepyDuck” has been discovered in the Open VSX registry, utilizing the Ethereum blockchain for its command and control (C2) infrastructure. Initially distributed as a legitimate…
Read more →

Elles De Yeager

·

Nov 4, 2025

·

2–3 minutes