Rising Threats in Cybersecurity: The Malicious Side of AI Tools
In an alarming development for developers and organizations alike, cybersecurity researchers have recently uncovered a malicious extension for Microsoft Visual Studio Code (VS Code) that poses significant risks to users. This extension, masquerading as a free artificial intelligence (AI) coding assistant, has been linked to Moltbot, a popular AI project that has garnered over 85,000 stars on GitHub. The extension, dubbed “ClawdBot Agent - AI Coding Assistant,” was published on January 27, 2026, by a user named “clawdbot” and has since been removed by Microsoft due to its malicious nature.
Moltbot, developed by Austrian programmer Peter Steinberger, allows users to run a personal AI assistant powered by a large language model (LLM) locally on their devices. This tool enables interaction over popular messaging platforms such as WhatsApp, Telegram, Slack, and Discord. However, the emergence of this malicious extension highlights a growing trend where threat actors exploit the popularity of legitimate tools to deceive unsuspecting developers.
The malicious extension operates stealthily, executing every time the integrated development environment (IDE) is launched. It retrieves a file named “config.json” from an external server and uses it to execute a binary named “Code.exe.” This binary deploys a remote desktop program, ConnectWise ScreenConnect, giving attackers persistent access to compromised hosts. The extension also incorporates fallback mechanisms, so the malicious payload can still be delivered if the primary command-and-control infrastructure is down.
Security experts are particularly concerned about the implications of this malicious extension. Charlie Eriksen, a researcher at Aikido, explained that the attackers set up their own ScreenConnect relay server, creating a pre-configured client installer that is distributed through the VS Code extension. This means that once installed, the extension immediately connects back to the attacker’s infrastructure, granting them control over the victim’s machine.
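One way to triage installed extensions for the launch-time fetch-and-execute behaviour described above, as an added example that is not code from the researchers or from Microsoft. The function names, allowlist and sample manifests are assumptions constructed here; `*` and `onStartupFinished` are the VS Code activation events that run an extension at every launch.

```javascript
// Added example: static triage of a VS Code extension's manifest and entry source.
// Every id, manifest and source string below is constructed for illustration.

// Activation events that make an extension run on every IDE launch.
const STARTUP_EVENTS = new Set(['*', 'onStartupFinished']);

// Heuristic source indicators for the fetch-then-execute pattern.
const INDICATORS = [
  { name: 'spawns-process', re: /\bchild_process\b|\b(?:spawn|execFile|exec)(?:Sync)?\s*\(/ },
  { name: 'fetches-remote', re: /\bhttps?\.(?:get|request)\s*\(|\bfetch\s*\(/ },
  { name: 'references-exe', re: /\.exe\b/i },
];

function auditExtension(manifest, entrySource, allowlist = new Set()) {
  const id = `${manifest.publisher}.${manifest.name}`;
  const startup = (manifest.activationEvents || []).filter((e) => STARTUP_EVENTS.has(e));
  const hits = INDICATORS.filter((i) => i.re.test(entrySource)).map((i) => i.name);
  const reasons = [];
  if (!allowlist.has(id)) reasons.push('not-on-allowlist');
  if (startup.length) reasons.push(`startup-activation:${startup.join(',')}`);
  reasons.push(...hits);
  // Escalate only when code runs at launch AND can both fetch and execute.
  const high = startup.length > 0 &&
    hits.includes('spawns-process') && hits.includes('fetches-remote');
  return { id, severity: high ? 'high' : reasons.length ? 'review' : 'ok', reasons };
}

const ALLOWLIST = new Set(['example-org.theme-pack', 'example-org.linter']);
const SAMPLES = [
  { manifest: { publisher: 'example-pub', name: 'ai-helper',
                activationEvents: ['onStartupFinished'] },
    source: "const cp = require('child_process'); https.get(CONFIG_URL, cb); cp.spawn(p);" },
  { manifest: { publisher: 'example-org', name: 'theme-pack', activationEvents: [] },
    source: 'exports.activate = () => {};' },
  { manifest: { publisher: 'example-org', name: 'linter',
                activationEvents: ['onLanguage:javascript'] },
    source: "const cp = require('child_process'); cp.execFile('eslint', args);" },
];

function auditAll(samples, allowlist) {
  return samples.map((s) => auditExtension(s.manifest, s.source, allowlist));
}

for (const r of auditAll(SAMPLES, ALLOWLIST)) {
  console.log(r.severity.padEnd(6), r.id, r.reasons.join(' '));
}
```

In practice the manifest is each installed extension's package.json and the entry source is the file its main field points to. Matches are leads for manual review, since legitimate extensions also spawn processes.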
The risks associated with Moltbot extend beyond this malicious extension. Security researcher Jamieson O’Reilly has identified hundreds of unauthenticated Moltbot instances online, exposing sensitive configuration data, API keys, and conversation histories due to reverse proxy misconfigurations. These vulnerabilities allow attackers to impersonate users, inject messages into conversations, and exfiltrate sensitive data.
The architectural design of Moltbot has been criticized for prioritizing ease of deployment over security. As Benjamin Marr, a security engineer at Intruder, noted, non-technical users can easily deploy instances without encountering security checks or validation, leading to significant risks. This lack of security measures can create high-impact points of control for attackers, especially when sensitive services are integrated without proper safeguards.
Moreover, firms like 1Password and Token Security have raised concerns about the potential dangers of using Moltbot, particularly in enterprise environments. With many employees reportedly using Clawdbot, the lack of proper security measures makes it an attractive target for attackers. The consequences of a breach can be dire, as attackers can easily scrape sensitive data stored in plain text, including API keys and session logs.
As the cybersecurity landscape continues to evolve, the emergence of malicious tools disguised as legitimate applications serves as a stark reminder of the importance of vigilance and security awareness. Organizations and developers are urged to audit their configurations, revoke unnecessary service integrations, and implement strict network controls to mitigate the risks associated with such threats.
The rise of AI tools like Moltbot brings both opportunities and challenges. While these technologies can enhance productivity and efficiency, they also present new avenues for cybercriminals to exploit. As we move forward, it will be crucial for users and organizations to remain informed and proactive in safeguarding their digital environments against emerging threats.