Analysis of the Rust implants found in the malicious VS Code extension

ID: 62bbe2b6-8fed-59e6-8cf9-0aabf7271701

STIX ID: report--62bbe2b6-8fed-59e6-8cf9-0aabf7271701

Feed Name: Nextron Systems

Threat Score: 72/100

Date Published: 2025-11-29

Date Updated: 2026-04-28

Author: Nextron Threat Research Team

This report details a malicious campaign that distributes implants via a trojanized VS Code extension. The extension executes Rust implants through a loader (extension.js) and platform-native modules, fetches C2 instructions from a Solana blockchain wallet (with a Google Calendar fallback that uses invisible Unicode to hide the address), and downloads AES-256-CBC encrypted JavaScript payloads. The report includes file hashes, IPs, URLs, and other indicators.