A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.
  • Tekhne
    400·
    4 months ago

    I believe they’re referring to lower down in the article, where the researchers analyzed existing extensions on the marketplace:

    After the successful experiment, the researchers decided to dive into the threat landscape of the VSCode Marketplace, using a custom tool they developed named ‘ExtensionTotal’ to find high-risk extensions, unpack them, and scrutinize suspicious code snippets.

    Through this process, they have found the following:

    • 1,283 with known malicious code (229 million installs).
    • 8,161 communicating with hardcoded IP addresses.
    • 1,452 running unknown executables.
    • 2,304 that are using another publisher’s Github repo, indicating they are a copycat.
    • Kuinox
      106·
      4 months ago

      If you look at the code of one of the “malicious code”, it hit a local IP, not a remote one.

        • noobface
          70·
          4 months ago

          We’re seeing connections from IP addresses that aren’t even routable on the internet. We’re compromised. Time to format.