Windsurf IDE Extension Drops Malware via Solana Blockchain
ID: 4ee49506-2b61-5c1d-827a-ffd8828842db
STIX ID: report--4ee49506-2b61-5c1d-827a-ffd8828842db
Feed Name: Bitdefender Labs
**Executive summary:** Bitdefender discovered a malicious Windsurf IDE extension (reditorsupporter.r-vscode-2.8.8-universal) that infects developer environments with a multi-stage Node.js credential stealer. The extension fetches AES-encrypted payload fragments from Solana blockchain transactions and dynamically executes them. It drops native .node modules to extract Chromium credentials and cookies, and establishes persistence via a hidden PowerShell scheduled task named UpdateApp. It deliberately avoids Russian systems.
