> As we examined the files on the disk, a file named extension.js caught our attention. We found it at %userprofile%\.cursor\extensions\solidityai.solidity-1.0.9-universal\src\extension.js
> It turned out that extension.js was a component of the Solidity Language extension for the Cursor AI IDE, which is based on Visual Studio Code and designed for AI-assisted development.
Malicious VSCode extension stealing crypto. Doesn't have anything to do with Cursor or AI.
I don't like the title either, I just kept the original.
Note that this is not VSCode extension, but Cursor one. VSC forks are not allowed using Microsoft's extension marketplace and usually use community-driven Open VSX registry. Which seems to have weaker moderation standards.
Clickbait.
> As we examined the files on the disk, a file named extension.js caught our attention. We found it at %userprofile%\.cursor\extensions\solidityai.solidity-1.0.9-universal\src\extension.js
> It turned out that extension.js was a component of the Solidity Language extension for the Cursor AI IDE, which is based on Visual Studio Code and designed for AI-assisted development.
Malicious VSCode extension stealing crypto. Doesn't have anything to do with Cursor or AI.
I don't like the title either, I just kept the original.
Note that this is not VSCode extension, but Cursor one. VSC forks are not allowed using Microsoft's extension marketplace and usually use community-driven Open VSX registry. Which seems to have weaker moderation standards.