(Podcast) Fake Moltbot (Clawdbot) extension on the VS Code Marketplace is secretly dropping malware

Описание: 🚨 *Is Your AI Coding Assistant Actually a Trojan Horse?* 🚨

In this episode, we dive deep into the latest developer nightmare: a *fake Moltbot* (formerly Clawdbot) extension on the *VS Code Marketplace* that is secretly dropping malware! 💻⚠️

With the legitimate Moltbot open-source project exploding to over *85,000 GitHub stars**, threat actors are now capitalizing on its fame to trick unsuspecting developers. We break down how the "ClawdBot Agent" extension—which has no official VS Code version—stealthily deploys **ConnectWise ScreenConnect* to grant attackers persistent remote access to your machine.

We also explore the sophisticated "backup plans" these hackers use, including *DLL side-loading* with a Rust-based "DWrite.dll" and fallback payloads hosted on *Dropbox* to ensure the malware hits home even if their primary servers are blocked. Beyond the extension itself, we discuss the broader security risks of Moltbot, where misconfigured reverse proxies are exposing private chat histories and API keys to the open web.

Don't let your personal AI assistant turn into a **Remote Access Trojan**. We look at why researchers are warning about "**Cognitive Context Theft**" and how info-stealers are now specifically targeting the plaintext "memories" and credentials stored by these AI agents.

🛡️ *Stay safe, audit your configurations, and always verify your extensions before clicking 'Install'!*

Source: This analysis is based on reporting by **The Hacker News**.