Is there a malicious solidity VSCode extension? It seems the version from `juan-blanco` has more downloads/better reviews, despite being new. The version from `juanblanco` has bad reviews, less downloads, but longer history. The newer version DID NOT WORK, so I looked further. 🧵

so the malicious part is in the `modal.js` file; TL;DR is the following. The obfuscation applied is: - `hexColors` array holds Base64 fragments padded with `#` - Reversed, joined, stripped of `#`, Base64-decoded - Decoded code executed via hidden `eval` (`ZXZhbA==`) The behaviour is: - Targets Windows (`win32`) and macOS (`darwin`) only - Disables `TLS` certificate verification (`NODE_TLS_REJECT_UNAUTHORIZED = "0"`). - Fetches remote JS from: Windows → p92nd[.]pages[.]dev/cj292ke.txt macOS → p92nd[.]pages[.]dev/ufjm20r.txt - Executes fetched code via `eval` (arbitrary code execution) - Uses `process.exit(0)` for stealth termination on errors or empty payload I won't got into more details for now. Actions are taken.