• Tekhne@sh.itjust.works
    link
    fedilink
    arrow-up
    40
    ·
    5 months ago

    I believe they’re referring to lower down in the article, where the researchers analyzed existing extensions on the marketplace:

    After the successful experiment, the researchers decided to dive into the threat landscape of the VSCode Marketplace, using a custom tool they developed named ‘ExtensionTotal’ to find high-risk extensions, unpack them, and scrutinize suspicious code snippets.

    Through this process, they have found the following:

    • 1,283 with known malicious code (229 million installs).
    • 8,161 communicating with hardcoded IP addresses.
    • 1,452 running unknown executables.
    • 2,304 that are using another publisher’s Github repo, indicating they are a copycat.
    • Kuinox@lemmy.world
      link
      fedilink
      arrow-up
      10
      arrow-down
      6
      ·
      5 months ago

      If you look at the code of one of the “malicious code”, it hit a … local IP, not a remote one.

        • noobface@lemmy.world
          link
          fedilink
          arrow-up
          7
          ·
          5 months ago

          We’re seeing connections from IP addresses that aren’t even routable on the internet. We’re compromised. Time to format.