TigerJack Threat Actor Compromises 17,000+ Developers with Malicious Extensions

Cyber Security News by CyberSum.net

Published on October 15, 2025 at 12:00 PM

3 sources

A sophisticated threat actor known as TigerJack has compromised over 17,000 developers through malicious Visual Studio Code extensions. These extensions, which include 'C++ Playground' and 'HTTP Format,' steal source code, mine cryptocurrency, and establish remote backdoors. Despite being removed from a major marketplace, they remain operational on alternative platforms, highlighting significant security gaps. The extensions operate as advertised but secretly perform malicious activities, making them particularly insidious. TigerJack's persistent tactics include republishing malicious code under new names and using social engineering to gain credibility.

Also Read

Cisco SNMP Vulnerability Exploited in Operation Zero Disco

Cybersecurity researchers at Trend Micro have uncovered an active attack campaign called Operation Zero Disco, which exploits a critical vulnerability in Cisco’s SNMP implementation. The vulnerability, tracked as CVE-2025-20352, allows attackers to execute remote code and deploy sophisticated Linux rootkits on vulnerable network devices. The campaign primarily targets older Cisco switch models, enabling persistent unauthorized access and evasion of detection. Attackers use spoofed IP addresses and MAC email addresses to obscure their activities, and the rootkit installs hooks into the IOSd memory space, creating fileless backdoor components that disappear after system reboots but remain active during normal operation.

By Cyber Security News by CyberSum.netOctober 16, 2025 at 03:00 PM