The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions
ID: 8d504b76-43fe-57fc-9687-d5e548e65b4e
STIX ID: report--8d504b76-43fe-57fc-9687-d5e548e65b4e
Feed Name: Datadog Security Labs
Datadog Security Research identified a multi-stage malware campaign by the actor MUT-9332 that trojanized three VS Code extensions aimed at Solidity developers. The extensions delivered PowerShell- and VBScript-based stages that install a malicious Chromium extension and Windows binaries (myau.exe, myaunet.exe); these disable protections, persist via shortcuts and registry entries, and exfiltrate cryptocurrency wallet credentials and other data. The report documents the full attack flow, the obfuscation techniques used (including a payload embedded in a public image), defensive evasion measures, and IOC hashes and URLs, and notes that the extensions were removed from the Marketplace after fewer than ~50 installs.
