Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive
Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive
03 November 2025
Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck.
According to Secure Annex's John Tuckner, the extension in question, juan-bianco.solidity-vlang (version 0.0.7), was first published on October 31, 2025, as a completely benign library that was subsequently updated to version 0.0.8 on November 1 to