Malicious VS Code Extension Impersonating “Material Icon Theme” Found in Marketplace
ID: ea5551d9-e3c6-5985-a89f-588fb21b121b
STIX ID: report--ea5551d9-e3c6-5985-a89f-588fb21b121b
Feed Name: Nextron Systems
A malicious VS Code extension (icon-theme-materiall v5.29.1) was discovered on the Microsoft Marketplace containing two Rust implants (Windows PE and macOS Mach-O). The report provides sample hashes, the YARA rules that matched, and links to related GlassWorm activity, and notes that the extension remained online after it was reported to Microsoft. A full technical analysis of the implants (including C2 via a Solana wallet and fallback channels) is available in a follow-up post.
