Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security

Malicious VSCode Extensions With Millions of Installs Discovered (bleepingcomputer.com) 22

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. From a report: Visual Studio Code (VSCode) is a source code editor published by Microsoft and used by many professional software developers worldwide. Microsoft also operates an extensions market for the IDE, called the Visual Studio Code Marketplace, which offers add-ons that extend the application's functionality and provide more customization options. Previous reports have highlighted gaps in VSCode's security, allowing extension and publisher impersonation and extensions that steal developer authentication tokens. There have also been in-the-wild findings that were confirmed to be malicious.
This discussion has been archived. No new comments can be posted.

Malicious VSCode Extensions With Millions of Installs Discovered

Comments Filter:
  • What the hell is (Score:5, Insightful)

    by mobby_6kl ( 668092 ) on Monday June 10, 2024 @12:25PM (#64538375)

    "Dracula Official theme" and why would you install that.

    • ...in a productive organization environment (remember "over 100 organizations" infected) rather than some teenagers dabbling in mobile game app development.

    • by Tablizer ( 95088 )

      I'm not clear if the Dracula addon is required for the other exploits the article talked about, or was just a specific example or illustration of bad addons.

      • TypoSquatting (Score:5, Informative)

        by knarfling ( 735361 ) on Monday June 10, 2024 @01:29PM (#64538619) Journal

        I'm not clear if the Dracula addon is required for the other exploits the article talked about, or was just a specific example or illustration of bad addons.

        Technically it is neither.

        They copied the code from Dracula (a very popular dark theme), added an "exploit" (non-malicious, but could have been) and published it as "Darcula" and watched how many people downloaded it.

        The researchers also created a custom tool to check out the extensions available in VSCode Studio.

        Through this process, they have found the following:

                1,283 with known malicious code (229 million installs).
                8,161 communicating with hardcoded IP addresses.
                1,452 running unknown executables.
                2,304 that are using another publisher's Github repo, indicating they are a copycat.

        They included a copy of the code found in one extension that opens a reverse shell.

        The problem seems to be that MS doesn't want to do anything about it.

        • They copied the code from Dracula (a very popular dark theme), added an "exploit" (non-malicious, but could have been) and published it as "Darcula" and watched how many people downloaded it.

          As it's a dark-mode theme, "Darcula" is the cleverer name. A missed opportunity for the original.

        • >> The problem seems to be that MS doesn't want to do anything about it.
          I am surprised MS does as much for as they to already. VSCode is free (and very useful).

        • by Tablizer ( 95088 )

          Okay, I didn't notice the letter switch trick, Modnays.

          > [Microsoft] doesn't want to do anything about it.

          No, it was "Micorsoft" that didn't do anything about it, they got name wrong :-)

    • by quantaman ( 517394 ) on Monday June 10, 2024 @01:22PM (#64538593)

      "Dracula Official theme" and why would you install that.

      People are nostalgic for Windows ME that would drain the life from your body.

  • I'm shocked. Shocked to hear that Microsoft would do this.

  • by Miles_O'Toole ( 5152533 ) on Monday June 10, 2024 @02:07PM (#64538737)

    For the love of god, it's called Dracula Official Theme. How could it NOT suck!

  • No surprise that so much code is so insecure if this is the typical level of insight in these people.

Computer programmers do it byte by byte.

Working...