The Hacker News

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.

4.3 million have installed this malicious browser extension on Chrome and Edge - here's how to check

The list of extensions is quite extensive. There are 125 of them for Edge, and 20 for Chrome. Google has reportedly already removed all that were hosted on its repository, while Microsoft seems to be ...

Malicious VSCode extensions on Microsoft's registry drop infostealers

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing ...
TechRadar

Malicious AI-made extension with ransomware capabilities sneaks on to Microsoft's official VS Code marketplace - so devs beware

Malicious VS Code extension ‘susvsex’ acted as ransomware and used GitHub for command control Extension appeared AI-generated, with embedded decryption keys and suspicious metadata Microsoft removed ...
Developer Tech

Malware campaign uses VS Code extensions for A/B testing

A new malware campaign is A/B testing delivery effectiveness on software developers using malicious VS Code extensions.
Infosecurity-magazine.com

Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign

An unknown threat actor is deploying a large-scale, sophisticated cryptojacking campaign through a series of malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor, ...
Infosecurity-magazine.com

Malicious VS Code Extensions Exploit Name Reuse Loophole

A new campaign involving malicious Visual Studio Code (VS Code) extensions has exposed a loophole in the VS Code Marketplace that allows threat actors to reuse names of previously removed packages.