A malicious Visual Studio Code extension masquerading as a Zoom application was discovered, designed to access and steal Google Chrome cookies. The extension, uploaded to the VS Code Marketplace on November 30 and updated on December 8, impersonates the Zoom Workspace tool to gain users' trust. It contains code targeting Google Chrome cookies, introduced in version 0.2.2. The extension attempts to fetch data from a suspicious endpoint hosted in China and access Chrome's cookie storage and Windows registry data. This incident highlights the ongoing threat of malicious actors exploiting trusted infrastructure to distribute malware through seemingly legitimate channels, revealing vulnerabilities within the VS Code extension ecosystem.