Malicious VSCode extensions with millions of installs discovered | Windows

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to “infect” over 100 organizations by trojanizing a copy of the popular ‘Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.

Visual Studio Code (VSCode) is a source code editor published by Microsoft and used by many professional software developers worldwide.

Microsoft also operates an extensions market for the IDE, called the Visual Studio Code Marketplace, which offers add-ons that extend the application’s functionality and provide more customization options.

Previous reports have highlighted gaps in VSCode’s security, allowing extension and publisher impersonation and extensions that steal developer authentication tokens. There have also been in-the-wild findings that were confirmed to be malicious.

Typosquatting the Dracula theme

For their recent experiment, researchers Amit…


Advertisement Gaming:   Xbox  |  Xbox Bundles  |  Nintendo  |  Playstation  |  Cards   | 
FTC: We use income earning affiliate links. More on Sposored links.
Terms of use and third-party services. More here.
Ad Amazon Minecraft the game, plus clothing, toys, and accessories.
Ad Amazon Gaming Laptops, clothing, games and more
Ad Amazon MUSIC Artists Merch Shop

Related Posts