According to PANews, a cryptocurrency researcher known as @LehmannLorenz on the X platform reported a near-miss incident in which his computer was almost compromised by a malicious browser extension. The extension, developed by an unverified source, amassed 1.7 million downloads and a perfect 5/5 star rating within just one day of its release. When he downloaded and examined the extension, everything appeared normal except for an obfuscated 'extension.js' file that ran during installation. Log files indicated that the script relied on PowerShell execution to operate entirely in memory, leaving no traces on the disk, and that it eventually encountered an error.
In response, SlowMist's Yu Jian stated that this incident represents a supply chain phishing attack targeting Solidity smart contract developers. He emphasized that the editor environment is a high-risk area for supply chain attacks. To mitigate risks, he advised isolating usage as much as possible, avoiding unnecessary installations, and adhering to the principle of 'just enough is enough.' He also recommended using separate computers or virtual machines for more complex tasks to ensure security.