SleepyDuck

Researchers warned that a malicious Open VSX extension, juan-bianco.solidity-vlang, installs a SleepyDuck remote access trojan that uses an Ethereum smart contract and a fallback RPC mechanism to update its command-and-control details.