
Solidity devs targeted again: Malicious VS Code extension drops ScreenConnect-based remote access trojan (RAT)

ID: fc7f66e1-358f-5e3b-8aa6-5842f0d2f2b3

STIX ID: report--fc7f66e1-358f-5e3b-8aa6-5842f0d2f2b3

Feed Name: Checkmarx Zero

Threat Score: 75/100

Date Published: 2026-01-29

Date Updated: 2026-04-27

Author: Daniel Miranda

...
...

Checkmarx Zero reported a malicious impersonator VS Code extension (publisher juanblan281, display name padded with zero-width characters) that executed an obfuscated loader on startup to install a ScreenConnect remote-access tool on Windows, and a Python reverse shell with LaunchAgent/systemd persistence on macOS/Linux. The report includes decoded payloads, IOCs (URLs, MSI hash, dropped file paths), a timeline of publication and takedown, and recommended containment and hunting steps.
