Hackers have created several malicious VSCode extensions that spread crypto-mining malware. Hundreds of downloads were made by these extensions, all from the same publisher, DevelopmentInc. One extension, disguised as a Pokémon-themed tool, triggered Monero mining malware when activated. The malware hid its tracks using Google Chrome spoof requests. Removing illicit extensions won’t guarantee their return; developers should stay vigilant for future threats.
Source: https://www.scworld.com/brief/cryptomining-targeted-by-fake-vscode-extensions