thehackernews.com 1/28/2026, 6:21:13 PM

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

Cybersecurity researchers have flagged a malicious Visual Studio Code extension for Moltbot on the official Extensions Marketplace, which pretends to be a free AI coding assistant but drops a payload on compromised hosts. The extension, named "ClawdBot Agent - AI Coding Assistant" (clawdbot[.]clawdbot-agent), was published by a user named "clawdbot" on 27 January 2026 and has since been taken down by Microsoft.

It is designed to auto-execute on IDE start, quietly fetching a file called config[.]json from clawdbot.getintwopc[.]site to run a binary named Code[.]exe that deploys a legitimate remote desktop program such as ConnectWise ScreenConnect, allowing the attacker persistent access to the victim machine, according to The Hacker News.

A fallback mechanism retrieves a DLL listed in config[.]json and sideloads it to obtain the same payload from Dropbox, with additional hard-coded URLs and a batch script to obtain payloads from darkgptprivate[.]com. The security risks are compounded by unauthenticated Moltbot instances exposing credentials and conversations, with researchers noting that Clawdbot agents can act with agency across messaging platforms.

According to Aikido researcher Charlie Eriksen, the attackers set up their own ScreenConnect relay server and delivered a ready-to-run client that phones home to the attacker’s infrastructure.
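A defender can check workstations for the extension named above. The following Python audit is an added example, not code from the article or the researchers: it reads each installed extension's `package.json` and reports the flagged ID plus any extension that activates at IDE start. The startup activation events it checks, the default `~/.vscode/extensions` path, and the sample folder names and version numbers are assumptions or constructed values.

```python
import json
from pathlib import Path

# Extension ID from the article (publisher.name), without the defang brackets.
FLAGGED_IDS = {"clawdbot.clawdbot-agent"}
# Activation events that load an extension when the IDE starts. The article
# does not say which event this extension declared (assumption).
STARTUP_EVENTS = {"*", "onStartupFinished"}


def audit_extensions(ext_dir):
    """Return findings for extensions that match a flagged ID or auto-start."""
    findings = []
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            meta = None
        if not isinstance(meta, dict):
            findings.append({"dir": manifest.parent.name, "id": None,
                             "reasons": ["unreadable manifest"]})
            continue
        ext_id = f"{meta.get('publisher', '')}.{meta.get('name', '')}".lower()
        events = meta.get("activationEvents")
        events = [e for e in events if isinstance(e, str)] if isinstance(events, list) else []
        reasons = []
        if ext_id in FLAGGED_IDS:
            reasons.append("flagged id")
        if STARTUP_EVENTS.intersection(events):
            reasons.append("activates at IDE start")
        if reasons:
            findings.append({"dir": manifest.parent.name, "id": ext_id, "reasons": reasons})
    return findings


def write_sample(root):
    """Constructed sample install tree (not real extension contents)."""
    samples = {
        "clawdbot.clawdbot-agent-0.0.1": {"publisher": "clawdbot", "name": "clawdbot-agent",
                                          "activationEvents": ["onStartupFinished"]},
        "example.linter-1.2.3": {"publisher": "example", "name": "linter",
                                 "activationEvents": ["onLanguage:python"]},
        "example.theme-2.0.0": {"publisher": "example", "name": "theme"},
    }
    for folder, manifest in samples.items():
        path = Path(root) / folder
        path.mkdir(parents=True)
        (path / "package.json").write_text(json.dumps(manifest), encoding="utf-8")


if __name__ == "__main__":
    # Default per-user install location for VS Code extensions (assumption).
    for finding in audit_extensions(Path.home() / ".vscode" / "extensions"):
        print(finding)
```

Startup activation on its own is common among legitimate extensions, so treat those findings as a review list; only the "flagged id" reason maps to the extension in this report.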


Article by CyberSIXT