Bitdefender has released research warning of an active attack using a malicious extension for the Windsurf IDE (integrated development environment). The campaign intentionally targets software developers, who typically have privileged access, API keys, and other high-value credentials.
Disguised as a legitimate R programming language tool, the extension installs a multi-stage Node.js credential stealer that retrieves encrypted payloads from the Solana blockchain, leveraging legitimate third-party infrastructure instead of traditional command-and-control (C2) servers to evade detection.
Cybercriminals are increasingly abusing trusted developer ecosystems and decentralized infrastructure to plant malware and establish persistence.
You can read the research here: https://www.bitdefender.com/en-us/blog/labs/windsurf-extension-malware-solana
This entry was posted on March 18, 2026 at 9:04 am and is filed under Commentary with tags Bitdefender.
Windsurf IDE Extension Drops Malware via Solana Blockchain Targeting Developers In The Process