Beware of VSCode: The Rise of Malicious Extensions
Whether you're a seasoned developer or new to the world of coding, Visual Studio Code (VSCode) has likely become a part of your daily routine. However, as with any widely-used platform, it isn't immune to the threats posed by cybercriminals. A recent discovery of malicious extensions on Microsoft's VSCode Marketplace highlights the need for vigilance and awareness when installing and using these add-ons. In this blog post, we'll go into the details of this security concern and provide advice to keep your systems safe.
The Issue
Cybercriminals have begun targeting Microsoft's VSCode Marketplace, an extensions market for the VSCode Integrated Development Environment (IDE) used by a significant percentage of software developers worldwide. Recently, three malicious Visual Studio extensions were uploaded to the marketplace and downloaded 46,600 times before being detected and removed.
The Extensions and Their Threats
The malicious extensions discovered include 'Theme Darcula dark', 'python-vscode', and 'prettiest java'. Each of these extensions carries unique threats to users:
Theme Darcula dark
This extension, posing as a theme pack, was used to steal basic information about the developer's system, including hostname, operating system, CPU platform, total memory, and CPU information. Despite no other apparent malicious activity, such behavior is atypical for a theme pack and raises significant security concerns.
python-vscode
Despite its empty description and questionable uploader name, this extension was downloaded 1,384 times. It is a C# shell injector capable of executing code or commands on the user's machine, making it particularly dangerous.
prettiest java
This extension was designed to mimic the popular 'prettier-java' code formatting tool. Instead, it stole saved credentials or authentication tokens from various applications, including Discord, Google Chrome, Opera, Brave Browser, and Yandex Browser, and sent them to the attackers.
The Risk of User-Supported Repositories
Software repositories that accept user contributions, such as npm and PyPI, have historically been popular targets for threat actors. The VSCode Marketplace is the latest platform to be targeted, signaling a growing threat to Windows developers. Uploading an extension to the VSCode Marketplace is fairly easy, and the recently discovered cases indicate an active attempt to infect users with malicious submissions.
Safety Measures
Given these risks, users of the VSCode Marketplace, as well as all user-supported repositories, are advised to take several precautions:
Only install extensions from trusted publishers with many downloads and high community ratings.
Read user reviews diligently.
Inspect the extension's source code before installing it, if possible.
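One way to do a first-pass source inspection, shown as an added example rather than code from the original post: a `.vsix` file is a ZIP archive with the manifest at `extension/package.json`, so it can be triaged without installing it. The pattern list, function names, and the sample archive are constructed for illustration and are heuristics only, not a complete detector.

```python
import io
import json
import re
import zipfile

# Heuristics chosen to mirror the behaviours described in this post (assumed, not exhaustive).
PATTERNS = {
    "system-info collection": re.compile(r"\bos\.(hostname|cpus|totalmem|platform)\s*\("),
    "process execution": re.compile(r"child_process|\bexecSync\b|\bspawn\s*\("),
    "browser/Discord profile access": re.compile(r"Login Data|Local Storage[\\/]+leveldb|discord", re.I),
    "outbound network call": re.compile(r"https?\.request\s*\(|\bfetch\s*\(|XMLHttpRequest"),
}
THEME_KEYS = {"themes", "iconThemes", "productIconThemes"}

def triage_vsix(data: bytes) -> list[str]:
    """Return findings for a .vsix archive supplied as bytes; nothing is executed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        manifest = json.loads(z.read("extension/package.json"))
        contributes = manifest.get("contributes") or {}
        entry = manifest.get("main") or manifest.get("browser")
        # A pure theme pack is declarative JSON and needs no code entry point.
        if contributes and set(contributes) <= THEME_KEYS and entry:
            findings.append(f"theme-only extension declares a code entry point: {entry}")
        for name in z.namelist():
            if name.lower().endswith((".exe", ".dll", ".ps1", ".bat")):
                findings.append(f"bundled binary/script: {name}")
            elif name.endswith((".js", ".cjs", ".mjs")):
                text = z.read(name).decode("utf-8", "replace")
                for label, rx in PATTERNS.items():
                    if rx.search(text):
                        findings.append(f"{label} in {name}")
    return findings

def build_sample_vsix() -> bytes:
    """Constructed sample: a 'theme' that also ships code reading host details."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("extension/package.json", json.dumps({
            "name": "sample-theme", "main": "./out/extension.js",
            "contributes": {"themes": [{"label": "Sample", "path": "./t.json"}]}}))
        z.writestr("extension/out/extension.js",
                   "const os = require('os'); const h = os.hostname();")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage_vsix(build_sample_vsix()):
        print(finding)
```

A finding is a prompt for manual review, not a verdict: many legitimate extensions spawn processes or make network calls, and minified or obfuscated code can evade simple patterns.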
Conclusion
As the world of software development continues to evolve, so too do the threats we face. It's essential to stay informed about these risks and to take proactive steps to protect ourselves. By understanding the nature of these malicious extensions and following safe installation practices, we can ensure a safer, more secure coding environment.
Remember, when it comes to your digital security, vigilance is key. Stay safe.
Written by
Kuldeep Singh
Backend Lead Developer at CBNITS INDIA PRIVATE LIMITED, ex-employee of tutree.in and Binmile Technologies. I started blogging as a hobby and now I'm enjoying it. In the meantime, I play online games as well; it's a rare thing, but I do.