Malicious VS Code Extensions Target Developers with ShibaCoin Ransomware

Researchers from Reversing Labs have identified two malicious Visual Studio Code (VS Code) extensions that are distributing ransomware to unsuspecting developers.

The extensions, named “ahban.shiba” and “ahban.cychelloworld,” are currently under development and pose a significant threat to users who install them, as per a report shared in X.

⚠️🧵 RL researchers have found 2 malicious #VSCode extensions, "ahban.shiba" & "ahban.cychelloworld," that deliver #ransomware in development to it's users. pic.twitter.com/OLyStjwKab

— ReversingLabs (@ReversingLabs) March 19, 2025

VS Code, one of the most popular code editors among developers, has a vast library of extensions that enhance its functionality.

However, the rise of malicious extensions highlights the need for increased vigilance when adding new tools to one’s workflow.

These two extensions are specifically designed to deliver ransomware, known as ShibaCoin, which targets developers to extort cryptocurrency payments.

How the Malicious Extensions Work

1. Installation and Activation: Once ...