• Tekhne
    404 months ago

    I believe they’re referring to lower down in the article, where the researchers analyzed existing extensions on the marketplace:

    After the successful experiment, the researchers decided to dive into the threat landscape of the VSCode Marketplace, using a custom tool they developed named ‘ExtensionTotal’ to find high-risk extensions, unpack them, and scrutinize suspicious code snippets.

    Through this process, they have found the following:

    • 1,283 with known malicious code (229 million installs).
    • 8,161 communicating with hardcoded IP addresses.
    • 1,452 running unknown executables.
    • 2,304 that are using another publisher’s Github repo, indicating they are a copycat.
    • @[email protected]
      44 months ago

      If you look at the code of one of the “malicious code”, it hit a … local IP, not a remote one.

      • @lowleveldata
        194 months ago

        Does that mean the hacker is in my room??

        • @[email protected]
          74 months ago

          We’re seeing connections from IP addresses that aren’t even routable on the internet. We’re compromised. Time to format.

        • @QuadriLiteral
          English
          24 months ago

          Turns out you were the hacker all along
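
Added example, not part of the thread and not ExtensionTotal's code: the point raised above, that a "hardcoded IP" finding may be a loopback or private address, can be checked by classifying each literal by routability before treating it as outbound communication. The function names and the sample extension source are constructed for illustration.

```python
import ipaddress
import re

# Candidate dotted quads; octet ranges are validated by ipaddress below.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def classify(ip):
    """Bucket an IPv4 address by where traffic to it can actually go."""
    # Order matters: loopback and link-local also report is_private.
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_multicast:
        return "multicast"
    if ip.is_private:
        return "private"
    if ip.is_global:
        return "global"
    return "other"


def triage(source):
    """Map every valid IPv4 literal found in source text to its class."""
    findings = {}
    for match in IPV4_RE.finditer(source):
        try:
            ip = ipaddress.IPv4Address(match.group(1))
        except ValueError:
            continue  # e.g. 999.1.1.1: looks like an IP, is not one
        findings[str(ip)] = classify(ip)
    return findings


def needs_review(source):
    """Only internet-routable literals are worth an analyst's time."""
    return sorted(ip for ip, kind in triage(source).items() if kind == "global")


# Constructed sample of extension source, not taken from a real extension.
SAMPLE = '''
const dev = "http://127.0.0.1:3000/api";
fetch("http://192.168.1.10/status");
const upstream = "8.8.8.8";
const bogus = "999.1.1.1";
'''

if __name__ == "__main__":
    for ip, kind in triage(SAMPLE).items():
        print(f"{ip:15} {kind}")
```

A dotted version string such as a four-part build number would still match the pattern, so a routable hit is a lead for manual review rather than a verdict.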