A counterfeit ‘Truffle for VS Code’ extension, published on the npmjs registry, abuses the ConnectWise ScreenConnect remote desktop utility, allowing threat actors to compromise Windows systems that install the package.
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/02/fake-vs-code-extension-on-npm-uses-altered-screenconnect-utility-as-spyware/
