- Hackers released fake VSCode extension masquerading as Moltbot AI assistant
- Extension carried trojan using remote desktop and layered loaders
- Attacks were quickly detected and stopped, but Moltbot’s site was flagged as dangerous
Hackers have hijacked Moltbot’s good name and used it to deliver malware to countless unsuspecting users – but fortunately the attack was quickly detected and stopped.
Moltbot is an open source personal AI assistant software that runs locally on a user’s computer or server (as opposed to cloud-based alternatives) that lets users interact with large language models (LLM) and automate various tasks. However, since it runs locally with deep system access, some security researchers urged users to be careful as misconfigurations could expose sensitive data and lead to various hacking attempts.
Moltbot was originally called Clawdbot, but was recently renamed to avoid trademark issues, and is one of the more popular AI tools out there with more than 93,000 stars on GitHub at press time. However, its website is currently marked as “dangerous”.
Spoofing Moltbot
Despite being a rising star in the world of AI assistants, Moltbot did not have a Microsoft Visual Studio Code (VSCode) extension.
Cybercriminals took advantage of that fact and released one called “ClawBot Agent – AI Coding Assistant”. The extension worked as intended, but it also had a “fully functioning Trojan,” security researchers explained to Aikido. The Trojan was deployed through a weapons-based instance of a legitimate remote desktop solution.
In reality, cybercriminals could also have beaten an extension with similar results, but being the only ones on the official Extension Marketplace certainly made their job easier.
What also made the malware dangerous was the effort to make it look legitimate. “Professional icon, polished UI, integration with seven different AI providers (OpenAI, Anthropic, Google, Ollama, Groq, Mistral, OpenRouter),” Aikido explained.
The attackers also went the extra mile to hide their true intentions:
“The layering here is impressive. You have a fake AI assistant that drops legitimate remote access software configured to connect to attacker infrastructure, with a Rust-based backup loader that fetches the same payload from Dropbox disguised as a Zoom update, all staged in a folder named after a screenshot application. Each layer adds confusion for defenders.”
Via Hacker News
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
