Slow Fog Cosine: Beware of Supply Chain Fishing Attacks Targeting Solidity Smart Contract Developers
ChainCatcher news, cryptography researcher @LehmannLorenz stated on the X platform that his computer was nearly compromised, and just one click could install a malicious extension. The developers behind the extension were unverified, yet it garnered 1.7 million downloads within a day of release (more than any other extension) and a perfect 5/5 star rating. After downloading the malicious extension and extracting its contents, everything appeared normal - except for the obfuscated "extension.js" file that ran during installation. Log files indicated that the script ultimately encountered an error, relying on PowerShell execution, running entirely in memory without leaving any traces on the disk.In response, Slow Mist's Yu Xian stated that this is a supply chain net attack targeting Solidity smart contract developers. The editor environment is a high-risk area for supply chain attacks. They have always tried to isolate what they can, avoid installations whenever possible, and ensure the "just enough" principle. Anything flashy is thrown onto a separate computer or virtual machine.