Mar 20, 2026 · 5 min read
That Windsurf Extension Hides Its Malware on the Blockchain—Your Antivirus Can't Touch It
Bitdefender researchers found a fake IDE extension that retrieves encrypted payloads from Solana transactions, steals Chromium passwords, and persists through reboots. Blocking a blockchain is not like blocking a domain.
Software developers trust their code editors the way most people trust their operating system. Extensions install with a click, run with full access to local files and credentials, and rarely get a second look after installation. A campaign discovered by Bitdefender's threat research team shows exactly why that trust is misplaced.
A malicious extension disguised as an R language support tool for the Windsurf IDE does something rarely seen in developer tooling: it pulls its malicious payload directly from the Solana blockchain. There is no attacker server to take down, and a firewall rule that blocks it would also block every legitimate Solana application. The malware's instructions live on a decentralized ledger that no single party controls.
How the Attack Works
The extension is named reditorsupporter.r-vscode-2.8.8-universal, a deliberate lookalike of the legitimate REditorSupport extension used by thousands of R programmers (note the extra "er" on the publisher name). It does nothing suspicious at install time: the malicious code is fetched and decrypted only when the extension activates, so a static scan of the package itself finds no payload to flag.
When it activates, the extension sends a POST request to a Solana RPC endpoint calling the getSignaturesForAddress method, which returns the recent transactions for a specific wallet address together with each transaction's memo field. Those memos carry base64 encoded, AES encrypted JavaScript fragments. The extension reassembles the fragments, decrypts them, and executes the resulting code with the Node.js runtime that Windsurf bundles for its extension host.
This is the part that matters for defenders. Traditional malware contacts a command and control server that can be identified, blocked, and taken down. This malware reads from the Solana ledger, a legitimate, globally distributed service that many applications use every day, and the same transactions are served by every public RPC node, so blocking one RPC host accomplishes nothing and nobody can issue a takedown notice for a wallet's transaction history. Blocking Solana RPC traffic outright would break legitimate software on any machine that needs it. What defenders still have is the process: an IDE extension host talking to a Solana RPC endpoint is an unusual thing for a code editor to do, and that behaviour can be logged and alerted on at the endpoint or egress proxy even though the ledger itself cannot be touched.
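To make the retrieval step concrete, here is an added example (not code from Bitdefender's report or from the extension) showing the shape of the getSignaturesForAddress exchange and a triage routine that picks out memos carrying staged blobs. The wallet address, signatures and the response are constructed placeholders; the ciphertext is stand-in bytes, not the campaign's payload.

```python
import base64
import json
import re

# Placeholder address (constructed, not the campaign's wallet). Any public
# Solana RPC host answers a query for it the same way, which is the point.
WALLET = "ExampLeWa11etAddressP1aceho1der1111111111111"
RPC_HOST = "https://api.mainnet-beta.solana.com"  # one of many interchangeable endpoints


def rpc_request(address: str = WALLET, limit: int = 1000) -> dict:
    """The JSON-RPC body the extension would POST. Note there is no attacker
    domain anywhere in it; the only attacker-controlled value is the address."""
    return {
        "jsonrpc": "2.0",
        "id": 1,
        "method": "getSignaturesForAddress",
        "params": [address, {"limit": limit}],
    }


def rpc_request_body() -> str:
    return json.dumps(rpc_request())


# Constructed response. getSignaturesForAddress returns one entry per transaction
# touching the address, newest first. "memo" carries the text of any Memo program
# instruction (the RPC prefixes it with its byte length in brackets) and is null
# for transactions without one.
CIPHERTEXT_SAMPLE = bytes(range(200, 232))  # stands in for one AES ciphertext chunk
SAMPLE_CHUNK = "[44] " + base64.b64encode(CIPHERTEXT_SAMPLE).decode()
SAMPLE_RESPONSE = json.dumps({
    "jsonrpc": "2.0",
    "id": 1,
    "result": [
        {"signature": "sigC", "slot": 300, "err": None, "blockTime": 1710000300,
         "memo": SAMPLE_CHUNK, "confirmationStatus": "finalized"},
        {"signature": "sigB", "slot": 200, "err": None, "blockTime": 1710000200,
         "memo": "[12] invoice 4421", "confirmationStatus": "finalized"},
        {"signature": "sigA", "slot": 100, "err": None, "blockTime": 1710000100,
         "memo": None, "confirmationStatus": "finalized"},
    ],
})

MEMO_PREFIX = re.compile(r"^\[\d+\]\s*")
BASE64_ONLY = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def looks_like_payload_chunk(memo: str, min_len: int = 32) -> bool:
    """Heuristic: a memo that is pure base64 of non-trivial length and decodes to
    mostly non-printable bytes is a staged blob, not a human-written note."""
    body = MEMO_PREFIX.sub("", memo).strip()
    if len(body) < min_len or len(body) % 4 or not BASE64_ONLY.match(body):
        return False
    try:
        raw = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return False
    printable = sum(32 <= b < 127 for b in raw)
    return printable < 0.7 * len(raw)


def triage_signatures_response(response_json: str) -> list:
    """Return (signature, slot) for every transaction whose memo looks like a
    payload chunk, sorted into chain order (ascending slot)."""
    entries = json.loads(response_json)["result"]
    hits = [(e["signature"], e["slot"]) for e in entries
            if e.get("memo") and looks_like_payload_chunk(e["memo"])]
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    print("POST", RPC_HOST, rpc_request_body())
    for sig, slot in triage_signatures_response(SAMPLE_RESPONSE):
        print(f"slot {slot}: memo on {sig} looks like a staged payload chunk")
```

The request body is the detail worth noticing: it contains no hostname the attacker owns, only a wallet address, so there is nothing in it for a domain blocklist to match. The triage heuristic is what you would run over the transaction history of a suspect address, or over RPC bodies captured at an egress proxy; the transport is HTTPS, so on the wire you only see an editor process talking to a Solana RPC host, which on most developer machines is itself worth an alert.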
What It Steals
Once the payload executes, the extension drops native DLL files that extract:
- Saved passwords from Chromium based browsers (Chrome, Edge, Brave, Arc)
- Session cookies, which let an attacker take over active logins without needing a password or a second factor
- Encrypted Chromium secrets including stored credit card data and autofill information
- Authentication tokens and API keys stored in browser profiles
For developers, the damage goes beyond personal accounts. Stolen API keys can grant access to cloud infrastructure, deployment pipelines, and production databases. A single compromised developer workstation has been the entry point for some of the largest supply chain attacks in recent history, including the npm supply chain attack that ended with the attackers holding full AWS administrator access.
Persistence That Survives Reboots
The malware does not disappear when you close your IDE. It creates a hidden Windows scheduled task named "UpdateApp" that runs at startup with elevated privileges. The task executes a bundled Node.js binary at AppData\Roaming\node_x86\node\node.exe, which re-runs the malicious script on every boot. Uninstalling the extension removes none of this: the scheduled task, the Node.js binary, and the payload all stay in place until they are deleted separately.
Who Built It
The malware includes geofencing logic that checks for Russian language markers, timezone data across 13 Russian zones, and UTC offset ranges. If it detects a Russian system, it terminates immediately without executing. This is a common pattern among financially motivated cybercriminal groups operating from Russia or former Soviet states, who deliberately exclude domestic targets to avoid local law enforcement attention.
The approach mirrors techniques seen in other malicious IDE extensions targeting developer credentials, but the blockchain based payload delivery represents an escalation in sophistication.
Why IDE Extensions Are the New Attack Surface
Code editors like VS Code, Cursor, and Windsurf have become platforms in their own right, with extension marketplaces that rival mobile app stores. But unlike Apple's App Store or Google Play, these marketplaces have minimal vetting. Extensions run with the same permissions as the editor itself, which typically means full access to the file system, network, and any credentials stored locally.
Earlier this year, researchers found that VS Code forks like Cursor and Windsurf recommend extensions from the Open VSX registry, which has even fewer security controls than Microsoft's official marketplace. A single malicious extension in these registries can reach thousands of developers before anyone notices.
How to Protect Yourself
If you use Windsurf or any VS Code based editor, take these steps:
- Check your installed extensions for anything matching `reditorsupporter`. The legitimate extension is published by REditorSupport, not reditorsupporter.
- Search your Windows Task Scheduler for a task named "UpdateApp" that references a Node.js binary in AppData.
- Audit your extensions directory at `.windsurf/extensions` under your user profile for unfamiliar entries.
- Use a dedicated credential manager instead of saving passwords in your browser. Browser stored credentials are the primary target of infostealers.
- Rotate API keys and tokens stored on any machine where you installed unverified extensions.
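The first three checks above, plus the persistence artifact described earlier, can be scripted. The following is an added example written for this page, not a tool from Bitdefender or the Windsurf project. The extension directory listing and the Task Scheduler XML it ships with are constructed samples; the lookalike test is generic over a list of known publishers, so it goes slightly beyond the single name in the report, and `check_this_machine()` runs the same checks against a real machine (the task check needs Windows, and it uses `schtasks /Query /XML`, which returns task definitions in the XML form parsed here).

```python
import difflib
import os
import re
import subprocess
import sys
import xml.etree.ElementTree as ET

# Publishers the lookalike check knows about; extend with any publisher you
# would expect to see impersonated in your environment.
KNOWN_PUBLISHERS = ["reditorsupport", "ms-python", "ms-vscode"]

# Namespace used by Task Scheduler definitions (what "schtasks /Query /XML" emits).
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample of an extensions directory listing (publisher.name-version).
SAMPLE_EXTENSION_DIRS = [
    "ms-python.python-2025.2.0",
    "reditorsupport.r-2.8.5",                       # the genuine R extension
    "reditorsupporter.r-vscode-2.8.8-universal",    # the lookalike from the report
    "esbenp.prettier-vscode-11.0.0",
]

# Constructed sample task definition matching the persistence pattern described
# above. The script filename is a placeholder; the report does not name it.
SAMPLE_TASK_XML = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\UpdateApp</URI></RegistrationInfo>
  <Triggers><BootTrigger><Enabled>true</Enabled></BootTrigger></Triggers>
  <Principals><Principal id="Author"><RunLevel>HighestAvailable</RunLevel></Principal></Principals>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\\Users\\dev\\AppData\\Roaming\\node_x86\\node\\node.exe</Command>
      <Arguments>"C:\\Users\\dev\\AppData\\Roaming\\node_x86\\placeholder.js"</Arguments>
    </Exec>
  </Actions>
</Task>"""


def lookalike_extensions(entries, known=KNOWN_PUBLISHERS, threshold=0.85):
    """Flag directory entries whose publisher nearly matches a known publisher
    without being it. Returns (entry, publisher it resembles) pairs."""
    flagged = []
    for entry in entries:
        publisher = entry.split(".", 1)[0].lower()
        for real in known:
            ratio = difflib.SequenceMatcher(None, publisher, real).ratio()
            if publisher != real and ratio >= threshold:
                flagged.append((entry, real))
    return flagged


def suspicious_task(xml_text):
    """Findings for a Task Scheduler definition: boot/logon trigger, elevated run
    level, hidden flag, and a Node.js binary executed out of a user profile path."""
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text))
    findings = []
    triggers_el = root.find("t:Triggers", TASK_NS)
    triggers = [t.tag.split("}")[-1] for t in (list(triggers_el) if triggers_el is not None else [])]
    if any(t in ("BootTrigger", "LogonTrigger") for t in triggers):
        findings.append("starts at boot or logon")
    if root.findtext(".//t:RunLevel", default="", namespaces=TASK_NS) == "HighestAvailable":
        findings.append("requests highest available privileges")
    if root.findtext(".//t:Hidden", default="", namespaces=TASK_NS).lower() == "true":
        findings.append("hidden from the Task Scheduler UI")
    for exec_el in root.iterfind(".//t:Exec", TASK_NS):
        cmd = exec_el.findtext("t:Command", default="", namespaces=TASK_NS).lower()
        if "\\appdata\\" in cmd and cmd.endswith("node.exe"):
            findings.append(f"runs a Node.js binary from a user profile path: {cmd}")
    return findings


def check_this_machine(task_name="UpdateApp"):
    """Run both checks locally. Prints findings; the task check is Windows-only."""
    ext_dir = os.path.join(os.path.expanduser("~"), ".windsurf", "extensions")
    entries = os.listdir(ext_dir) if os.path.isdir(ext_dir) else []
    for entry, real in lookalike_extensions(entries):
        print(f"[!] {entry}: publisher resembles {real}")
    if sys.platform != "win32":
        return
    proc = subprocess.run(["schtasks", "/Query", "/TN", task_name, "/XML"], capture_output=True)
    if proc.returncode != 0:
        print(f"[ ] no scheduled task named {task_name}")
        return
    raw = proc.stdout  # schtasks may emit UTF-16 with a byte-order mark
    text = raw.decode("utf-16") if raw.startswith((b"\xff\xfe", b"\xfe\xff")) else raw.decode(errors="replace")
    for finding in suspicious_task(text):
        print(f"[!] {task_name}: {finding}")


if __name__ == "__main__":
    check_this_machine()
```

Two caveats for real use. A task created in a Task Scheduler subfolder is not found by `/TN UpdateApp` alone; `schtasks /Query /FO LIST /V` lists every task with its command line and can be fed through the same string checks. And a clean result from these checks says nothing about credentials that were already copied out, which is why the key rotation step still applies regardless.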
The broader takeaway is that developer tooling is now a high value target. The same week this extension was discovered, a critical vulnerability in the Langflow AI platform was exploited within 20 hours of disclosure, allowing attackers to run arbitrary code on servers with a single HTTP request. Treat IDE extensions with the same skepticism you would apply to any executable downloaded from the internet. Verify the publisher, treat download counts as a weak signal rather than proof of safety, and read the source if it is available; a .vsix package is a zip archive, so the JavaScript that actually ships can always be inspected even when no repository is linked. The convenience of a one click install is exactly what attackers are counting on.