https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-... mentions that it plants `.claude/settings.json`, `.gemini/settings.json`, `.cursor/rules/setup.mdc`, and `.vscode/tasks.json` to execute its payload as a setup task.

VSCode will be used by plenty of non-AI-using developers, and the credential harvester is not specific to AI API tokens, but that 3/4 of the targets are AI coding tools is I assume where the claim comes from.

> you can skip the slop and read the real information here: (link that is obviously written by AI)

Do I remember correctly when techcrunch was charging $10k per month for a square banner on its website, 2005? And that was considered the top, for a tech blog. Even then they posted slop.