Malicious VSCode extensions with millions of installs discovered
A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.
Visual Studio Code (VSCode) is a source code editor published by Microsoft and used by many professional software developers worldwide.
Microsoft also operates an extensions market for the IDE, called the Visual Studio Code Marketplace, which offers add-ons that extend the application's functionality and provide more customization options.
Previous reports have highlighted gaps in VSCode's security, allowing extension and publisher impersonation and extensions that steal developer authentication tokens. There have also been in-the-wild findings that were confirmed to be malicious.
For their recent experiment, researchers Amit Assaraf, Itay Kruk, and Idan Dardikman, created an extension that typosquats the 'Dracula Official' theme, a popular color scheme for various applications that has over 7 million installs on the VSCode Marketplace.
