Malicious VSCode extensions with millions of installs discovered
BleepingComputer
Contributed by: Sarah Richardson
Summary
Israeli researchers recently demonstrated a significant security vulnerability in the Visual Studio Code (VSCode) Marketplace by creating a trojanized extension mimicking the popular 'Dracula Official' theme. This counterfeit extension, named 'Darcula,' included a script that collected system information and sent it to a remote server without being detected by standard endpoint security tools. The experiment revealed critical gaps in the Marketplace, such as impersonation risks and the presence of many high-risk extensions. The researchers found over 1,200 extensions with malicious code and others exhibiting suspicious behaviors. Despite their responsible disclosure to Microsoft, many malicious extensions remain available. They plan to release a tool named 'ExtensionTotal' to help developers detect potential threats in their environments.
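The impersonation described above relies on a name that differs from the original by two swapped letters. The following is an added example, not code from the article or from the researchers' 'ExtensionTotal' tool: it flags installed extension display names that are close to, but not identical to, a trusted name. Only 'Dracula Official' and 'Darcula' come from the article; the other names, the function names and the distance threshold are constructed for illustration.

```javascript
// Added example: flag display names that resemble a trusted extension name.
// It does not catch an impersonator reusing the exact same display name.

// Lowercase, drop the word "official", strip everything but letters and digits.
function normalize(name) {
  return name.toLowerCase().replace(/\bofficial\b/g, "").replace(/[^a-z0-9]/g, "");
}

// Optimal string alignment distance: insert, delete, substitute, and swap of
// two adjacent characters each cost 1, so "darcula" vs "dracula" is 1.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Report installed names within maxDistance of a trusted name (distance 0 is the
// trusted name itself and is skipped).
function findLookalikes(installed, trusted, maxDistance = 2) {
  const findings = [];
  for (const name of installed) {
    for (const ref of trusted) {
      const dist = osaDistance(normalize(name), normalize(ref));
      if (dist > 0 && dist <= maxDistance) {
        findings.push({ name, resembles: ref, distance: dist });
      }
    }
  }
  return findings;
}

// Constructed allow-list and inventory; only the Dracula/Darcula pair is from the article.
const TRUSTED = ["Dracula Official", "Sample Linter"];
const INSTALLED = ["Dracula Official", "Darcula", "Sample Linter", "Markdown Notes"];

console.log(findLookalikes(INSTALLED, TRUSTED));
```

A finding is a prompt to check the extension's publisher before trusting it, since a name match alone does not establish who published it.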