A malicious Solidity extension that installs the SleepyDuck backdoor under the guise of a legitimate plugin has been discovered in the popular Open VSX registry. The attackers introduced the malicious code through an update pushed after the initial publication, and the command-and-control server address is distributed via an Ethereum smart contract, which lets them retain control even after the main C2 domain is taken down.

The extension, juan-bianco.solidity-vlang, masqueraded in the Open VSX directory as a popular Solidity plugin for VS Code-compatible environments, including Cursor and Windsurf. The initial release was harmless, but the very next day after publication it received an update containing the malicious code; by that time it had been downloaded by over 14 thousand developers and a total of 53,439 times.

The SleepyDuck malware is activated when the editor is launched, a Solidity file is opened, or a compile command is run. Once activated, it:
- creates a lock file so that it runs only once on the host
- simulates a webpack.init() call
- loads a hidden RAT module
- collects system data (hostname, MAC address, username, timezone)
- sets up an environment for executing commands
- finds the fastest Ethereum RPC provider
- reads the smart contract to obtain the C2 address
- enters polling mode
Thus, even after the sleepyduck[.]xyz domain is blocked, the infrastructure keeps working and instructions continue to be updated via the blockchain.
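The behaviour above suggests a simple host-side check a defender can run: enumerate installed editor extensions, flag the identifier named in this article, and flag any extension whose code references the C2 domain, Ethereum JSON-RPC reads, or the simulated webpack.init() call, especially when it also activates broadly (on startup, on Solidity files, or on a command). This is an added example, not code from the article or from Open VSX; the install roots, the indicator regexes and the sample extensions are constructed assumptions.

```python
import json, re, tempfile
from pathlib import Path

KNOWN_BAD_IDS = {"juan-bianco.solidity-vlang"}  # the identifier named in the article
# Activation triggers the article describes: editor start, Solidity files, a compile command.
BROAD_ACTIVATION = re.compile(r"^(\*|onStartupFinished|onLanguage:solidity|onCommand:.*)$")
# Indicators from the article: the C2 domain, Ethereum JSON-RPC reads, the simulated webpack.init() call.
CODE_INDICATORS = [r"sleepyduck\.xyz", r"\beth_call\b", r"webpack\.init\("]

def scan_extension(ext_dir: Path) -> dict:
    """Inspect one installed extension directory; return its id and the reasons it was flagged."""
    manifest = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
    result = {"id": f"{manifest.get('publisher', '?')}.{manifest.get('name', '?')}".lower(), "reasons": []}
    if result["id"] in KNOWN_BAD_IDS:
        result["reasons"].append("known malicious identifier")
    broad = [e for e in manifest.get("activationEvents", []) if BROAD_ACTIVATION.match(e)]
    hits = set()
    for js in ext_dir.rglob("*.js"):
        text = js.read_text(encoding="utf-8", errors="ignore")
        hits.update(p for p in CODE_INDICATORS if re.search(p, text))
    # Broad activation alone is normal for a language plugin; combined with C2/RPC indicators it is not.
    if hits:
        result["reasons"].append(f"{'broad activation plus ' if broad else ''}indicators {sorted(hits)}")
    return result

def scan_roots(roots) -> list:
    """Scan every extension with a package.json under the given install roots; return the flagged ones."""
    results = [scan_extension(m.parent) for root in roots for m in sorted(Path(root).glob("*/package.json"))]
    return [r for r in results if r["reasons"]]

def demo_constructed_sample() -> list:
    """Constructed sample, not real malware: one extension mimicking the described pattern, one benign."""
    root = Path(tempfile.mkdtemp())
    bad, good = root / "juan-bianco.solidity-vlang-0.0.2", root / "acme.solidity-lint-1.0.0"
    bad.mkdir(); good.mkdir()
    (bad / "package.json").write_text(json.dumps({"publisher": "juan-bianco", "name": "solidity-vlang",
        "activationEvents": ["onLanguage:solidity", "onCommand:solidity.compile"]}))
    (bad / "extension.js").write_text("webpack.init(); fetch('https://sleepyduck.xyz/c');\n")
    (good / "package.json").write_text(json.dumps({"publisher": "acme", "name": "solidity-lint",
        "activationEvents": ["onLanguage:solidity"]}))
    (good / "extension.js").write_text("console.log('lint');\n")
    return scan_roots([root])

if __name__ == "__main__":
    # Real install roots to pass to scan_roots (assumed paths): ~/.vscode/extensions, ~/.cursor/extensions
    for r in demo_constructed_sample():
        print(r["id"], "->", "; ".join(r["reasons"]))
```

String indicators catch only unobfuscated code; a packed or minified extension that still activates broadly and talks to an RPC endpoint deserves a manual look even when this scan is quiet.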
Open VSX added a warning, but the package remained available for some time, which increased the risk for users who rely on automatic updates and trust the registry without verification.
Open VSX is a popular open source extension platform that is actively used by smart contract and AI-IDE developers. This is not the first time malicious plugins have appeared there recently, and the registry has become an attractive target for supply chain attacks. In response, the service is introducing stronger controls: shorter token lifetimes, faster revocation of access, automated checks, and sharing data about new threats with VS Code.

The SleepyDuck incident shows how vulnerable the developer tools ecosystem remains: even popular registries can host backdoors that are activated through updates. Developers need to verify extension authors, monitor changelogs, and avoid installing packages from unknown sources, as attacks on IDEs are becoming one of the main vectors of compromise.