This Week Health
SOAR 2024 Bluebird Leaders This Week HealthAlex's Lemonade Stand This Week Health
SUBSCRIBE NOW to receive top 7 stories daily to your inbox
<--  All Stories

Malicious VSCode extensions with millions of installs discovered

June 13, 2024
BleepingComputer
Contributed by: Sarah Richardson
Summary
Israeli researchers recently demonstrated a significant security vulnerability in the Visual Studio Code (VSCode) Marketplace by creating a trojanized extension mimicking the popular 'Dracula Official' theme. This counterfeit extension, named 'Darcula,' included a script that collected system information and sent it to a remote server without being detected by standard endpoint security tools. The experiment revealed critical gaps in the Marketplace, such as impersonation risks and the presence of many high-risk extensions. The researchers found over 1,200 extensions with malicious code and others exhibiting suspicious behaviors. Despite their responsible disclosure to Microsoft, many malicious extensions remain available. They plan to release a tool named 'ExtensionTotal' to help developers detect potential threats in their environments.
Transform Healthcare - One Connection at a Time

© Copyright 2024 Health Lyrics All rights reserved