Full Report
Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised hosts. The extension, named "ClawdBot Agent - AI Coding Assistant" ("clawdbot.clawdbot-agent")
Analysis Summary
# Tool/Technique: ClawdBot Agent - AI Coding Assistant (Malicious VS Code Extension)
## Overview
A malicious Microsoft Visual Studio Code (VS Code) extension, masquerading as a free legitimate AI coding assistant for the popular open-source project Moltbot (formerly Clawdbot). Its purpose is to trick developers into installing it, which then stealthily drops a malicious payload to establish persistent remote access to the compromised host, likely leveraging the popularity of the legitimate Moltbot project.
## Technical Details
- Type: Malware/Supply Chain Attack Delivery Mechanism (via Malicious Extension)
- Platform: Microsoft Visual Studio Code (IDE running on target host OS like Windows)
- Capabilities: Installation of a remote access tool (ConnectWise ScreenConnect), execution of dropped binaries, fallback payload retrieval via sideloading.
- First Seen: January 27, 2026 (Date of publication on Marketplace)
## MITRE ATT&CK Mapping
Given the described actions:
- **TA0001 - Initial Access**
- T1588.002 - Obtain Capabilities: Supply Chain Compromise (Threat actor distributing malicious software disguised as legitimate tool)
- **TA0002 - Execution**
- T1204.002 - User Execution: Malicious File
- **TA0005 - Defense Evasion**
- T1564.001 - Hide Artifacts: Hidden Files and Directories (Implied by stealthy payload drops)
- **TA0011 - Command and Control**
- T1071.001 - Application Layer Protocol: Web Protocols (Using HTTP/HTTPS for initial communication)
- **TA0010 - Exfiltration** (Implied by establishing persistent access for potential future exfiltration)
- T1021.001 - Remote Services: Remote Desktop Protocol (Via ConnectWise ScreenConnect)
## Functionality
### Core Capabilities
- **Initial Payload Drop:** Automatically executes upon launching the VS Code IDE.
- **Primary Remote Access Delivery:** Retrieves and executes `config.json` from a C2 server to deploy a binary named "Code.exe," which subsequently installs **ConnectWise ScreenConnect**.
- **Persistent Access:** Connects the victim machine to the attacker's ScreenConnect relay server (`meeting.bulletmailer[.]net:8041`) to establish remote access.
### Advanced Features
- **Layered C2 Infrastructure:** Uses multiple domains (`clawdbot.getintwopc[.]site` and `darkgptprivate[.]com`) for initial payload retrieval.
- **Payload Sideloading Fallback:** If primary C2 infrastructure is inaccessible, the extension uses a fallback mechanism to retrieve a DLL (named `DWrite.dll`, written in Rust) from Dropbox and sideload it to ensure the ScreenConnect client is delivered.
- **Embedded Payload URLs:** The extension contains hard-coded URLs pointing to the executable and the DLL for delivery as a backup to the fetched configuration files.
- **Automation:** Designed to trigger execution automatically every time the IDE is launched.
## Indicators of Compromise
- File Hashes: [Not provided in the text]
- File Names: `config.json`, `Code.exe`, `DWrite.dll` (sideloaded)
- Registry Keys: [Not provided in the text]
- Network Indicators:
- C2 Domain 1: `clawdbot.getintwopc[.]site` (For `config.json`)
- C2 Domain 2: `darkgptprivate[.]com` (Alternative source for executables/DLL)
- Relay Server: `meeting.bulletmailer[.]net:8041` (ConnectWise ScreenConnect connection)
- Payload Host: Dropbox (Used for DLL fallback)
- Behavioral Indicators: Installation and execution initiated by a VS Code extension process, subsequent connection attempts to known malicious domains/RDP servers (ConnectWise).
## Associated Threat Actors
The tool/technique leverages the legitimate popularity of the **Moltbot (Clawdbot)** open-source project creator's branding. The actors deploying this specific malware are currently **unidentified** but are likely motivated by gaining persistent remote access to developer machines.
## Detection Methods
- Signature-based detection: Signatures targeting the specific malicious VS Code extension ID (`clawdbot.clawdbot-agent`).
- Behavioral detection: Monitoring for VS Code IDE processes attempting to fetch external configuration files immediately upon launch, or the execution of `Code.exe` alongside unauthorized network connections to remote access servers (e.g., ScreenConnect traffic on non-standard ports like 8041).
- YARA rules: Potentially rules targeting the Rust-compiled `DWrite.dll` or specific strings within the extension manifest files.
## Mitigation Strategies
- **Extension Vetting:** Only install extensions from trusted, well-known publishers, especially when dealing with developer tools that run with high privileges within the IDE workspace.
- **Platform Disabling:** Restrict execution of code or network connections initiated by non-standard IDE processes.
- **Monitoring:** Monitor for unexpected execution of programs (`Code.exe`) immediately following the launch of VS Code.
- **Network Filtering:** Block outgoing traffic to the known malicious domains listed above.
- **Supply Chain Awareness:** Be highly skeptical of tools impersonating popular open-source projects, especially if the official source does not host the listed extension.
## Related Tools/Techniques
- **Moltbot/Clawdbot:** The legitimate project being impersonated, which itself carries security risks due to architectural decisions prioritizing ease of use over security-by-default, leading to credential exposure and potential supply chain risks via its own "MoltHub" ecosystem.
- **ConnectWise ScreenConnect:** Abused as the final remote access payload, indicating previous knowledge of exploiting or acquiring legitimate remote access software.