Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised hosts.
The extension, named “ClawdBot Agent – AI Coding Assistant” (“clawdbot.clawdbot-agent”), has since been taken down by Microsoft. It was published by a user named “clawdbot” on January 27, 2026.
Moltbot has taken off in a big way, crossing more than 85,000 stars on GitHub as of writing. The open-source project, created by Austrian developer Peter Steinberger, allows users to run a personal AI assistant powered by a large language model (LLM) locally on their own devices and interact with it over already established communication platforms like WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, iMessage, Microsoft Teams, and WebChat.
The most important aspect to note here is that Moltbot does not have a legitimate VS Code extension, meaning the threat actors behind the activity capitalized on the rising popularity of the tool to trick unsuspecting developers into installing it.
The malicious extension is designed such that it’s automatically executed every time the integrated development environment (IDE) is launched, stealthily retrieving a file named “config.json” from an external server (“clawdbot.getintwopc[.]site”) to execute a binary named “Code.exe” that deploys a legitimate remote desktop program like ConnectWise ScreenConnect.
The application then connects to the URL “meeting.bulletmailer[.]net:8041,” granting the attacker persistent remote access to the compromised host.
“The attackers set up their own ScreenConnect relay server, generated a pre-configured client installer, and distributed it through the VS Code extension,” Aikido researcher Charlie Eriksen said. “When victims install the extension, they get a fully functional ScreenConnect client that immediately phones home to the attacker’s infrastructure.”
What’s more, the extension incorporates a fallback mechanism that retrieves a DLL listed in “config.json” and sideloads it to obtain the same payload from Dropbox. The DLL (“DWrite.dll”), written in Rust, ensures that the ScreenConnect client is delivered even if the command-and-control (C2) infrastructure becomes inaccessible.
This is not the only backup mechanism incorporated into the extension for payload delivery. The fake Moltbot extension also embeds hard-coded URLs to get the executable and the DLL to be sideloaded. A second alternative method involves using a batch script to obtain the payloads from a different domain (“darkgptprivate[.]com”).
The Security Risks with Moltbot
The disclosure comes as security researcher and Dvuln founder Jamieson O’Reilly found hundreds of unauthenticated Moltbot instances online, exposing configuration data, API keys, OAuth credentials, and conversation histories from…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
