ainda segundo o artigo essas são as extensões afetadas

OpenVSX Extensions (with malicious versions):

codejoy.codejoy-vscode-extension@1.8.3
codejoy.codejoy-vscode-extension@1.8.4
l-igh-t.vscode-theme-seti-folder@1.2.3
kleinesfilmroellchen.serenity-dsl-syntaxhighlight@0.3.2
JScearcy.rust-doc-viewer@4.2.1
SIRILMP.dark-theme-sm@3.11.4
CodeInKlingon.git-worktree-menu@1.0.9
CodeInKlingon.git-worktree-menu@1.0.91
ginfuru.better-nunjucks@0.3.2
ellacrity.recoil@0.7.4
grrrck.positron-plus-1-e@0.0.71
jeronimoekerdt.color-picker-universal@2.8.91
srcery-colors.srcery-colors@0.3.9
sissel.shopify-liquid@4.0.1
TretinV3.forts-api-extention@0.3.1

‍Microsoft VSCode Extensions:

cline-ai-main.cline-ai-agent@3.1.3

parece tudo bem obsucoro, essa ultima parece ser o cline mas não é, deve ser um clone malicioso