


CloudGuard Spectral detected malicious extensions on the VSCode marketplace. Users installing these extensions were enabling attackers to steal PII records and to open a remote shell on their machines. Once detected, we alerted the VSCode team to these extensions. Soon after notification, they were removed by the VSCode marketplace team.

VSCode (short for Visual Studio Code) is a popular and free source code editor developed by Microsoft. It’s an efficient and customizable coding environment that can support a wide range of programming languages, frameworks, and tools. VSCode has gained much popularity in recent years and has become one of the most popular code editors among developers. One of the main reasons is the VSCode Extensions Marketplace, a central hub where developers can discover and install new extensions to enhance their coding experience. The marketplace includes official Microsoft and third-party extensions developed by the community. As of today, the marketplace includes around 50k extensions.

VSCode extensions are add-ons that can be installed to extend the functionality of the editor. They can be used to add new features, support new programming languages, integrate with external tools and services, and more. Malicious extensions can pose a security risk to users by installing malware, stealing user data, or performing other harmful actions. To prevent the distribution of malicious extensions, Microsoft has implemented several security measures for the VSCode Extensions Marketplace, such as automatic extension scanning tools to detect and remove malicious extensions from the marketplace and user reviews and ratings to identify and report malicious extensions. To date, almost no detections of malicious extensions on the VSCode marketplace have been published.

Threat actors keep searching for new ways to infect users, and open-source code components can be a common source of infections, especially the more common ones. As such, we decided to investigate VSCode extensions in search of malicious ones. As part of our analysis, we found and disclosed a few malicious extensions to the VSCode team, with a total of more than 45K installs.

We’ve also found extensions with suspicious code patterns but no clear malicious indicators. Once detected, we disclosed our findings to the VSCode team, and the extensions were removed. These continued findings highlight the need to verify every open-source component rather than just assume it will be ok. We have included details regarding our specific findings below.

Figure: The extension description from the VSCode marketplace
