← All Threat Actors
Threat Actor Profile

WhiteCobra

No known aliases in database
▲ High Threat
Operation Solidity Pro
Origin
Motivation financial (cryptocurrency theft)

Target Sectors

Software Developers Blockchain Developers Cryptocurrency Holders Users of VS Code, Cursor, and Windsurf IDEs

Known TTPs

Malicious VSIX packaging and marketplace deployment
Typosquatting and deceptive branding of extensions
Artificial download inflation to create social proof
Social engineering via X (Twitter) mimicking influential developers
Multi-stage obfuscated payload delivery
Deployment of info-stealers (e.g., LummaStealer)
C2 and payload hosting via Cloudflare Pages
Targeting of browser-stored secrets, NPM/GitHub tokens, and crypto wallets

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD