Researchers Find VS Code Flaw Letting Attackers Reuse Deleted Extension Names

If you use Visual Studio Code extensions a lot, here is something that might make you pause. Security folks recently found a loophole in the VS Code Marketplace that basically lets attackers take over the names of extensions that were deleted before.

To put it simply: if someone removes an extension from the marketplace, that name does not stay locked forever. Someone else can come in and publish a new extension using that same name. This might sound small, but it can open the door for all sorts of supply chain problems.

The case that triggered it

The company ReversingLabs ran into this when they spotted a sketchy extension called ahbanC.shiba. At first glance, it looked almost identical to two other shady extensions (ahban.shiba and ahban.cychelloworld) that were caught earlier this year.

All of these extensions did something nasty: they pulled down a PowerShell script that encrypted files in a folder called testShiba on the victim’s desktop. Then, in a weird twist, they asked for ransom payments in Shiba Inu tokens (yes, the meme coin). That tells us the attacker is still tinkering with their approach, not just doing a one-off.

What stood out to the researchers is that the new one had basically the same name as the older malicious extension. Normally, every extension has a unique identifier — a combo of the publisher name and the extension name. In this case, the only thing that changed was the publisher name. The extension name itself was reused, even though the docs say names should be unique.

So how did that slip through? Turns out, once an extension is deleted, its name goes back into the pool. Anyone can grab it again. But if an extension is only unpublished, that name stays locked.

This is not just a VS Code issue

This is not even the first time we have seen this kind of thing. Back in 2023, ReversingLabs showed that the same loophole existed in PyPI (the Python Package Index). Delete a package, and the name can be picked up by someone else — unless it was marked malicious, in which case PyPI makes it permanently unavailable.

VS Code Marketplace, on the other hand, does not seem to have that safeguard. Which means if a popular and trusted extension ever gets deleted — whether by accident, or the author just decides to quit — attackers could rush in and republish something under that exact same name. You can see how dangerous that could get.

Attackers are already experimenting

This is not just some “theoretical” bug either. According to leaked chat logs from ransomware gangs like Black Basta, groups are actively talking about poisoning open-source repositories with malicious packages. The idea is simple: sneak ransomware or info stealers into places where developers grab tools, and then wait for someone to install them without noticing.

In fact, right around the same time as the VS Code discovery, researchers also found eight malicious npm packages pretending to be legit React or SDK libraries. These were not just basic malware either. They packed in 70 layers of obfuscation and unpacked a Python payload designed to steal sensitive data like browser passwords, credit cards, crypto wallets, and cookies. If the main server failed, the data would even fall back to a Discord webhook.

So yeah, attackers are getting pretty creative with how they hide this stuff.

Why this matters for developers

If you are a developer, you might be thinking, “Okay, but I only install popular extensions. I should be fine, right?” The problem is, attackers know that too. That is why grabbing a deleted extension name is such a clever move. If a popular one disappears, a fake version with the exact same name could come back, and people would not always notice the publisher field.

It is like typosquatting, except worse, because it does not rely on someone misspelling a package name. It is the exact same name, just republished.

To be honest, this makes it pretty clear that open-source and extension marketplaces are not just neutral ecosystems. They are active battlegrounds. Attackers are targeting them because they know that once something gets into your dev environment, it is game over.

What can actually be done

The big takeaway is that marketplaces like VS Code’s need to rethink how they handle deleted names. At the very least, names of malicious or widely used extensions should be permanently locked after removal. Otherwise, it is like leaving a door unlocked and just hoping no one tries it.

For developers and companies, the boring advice still applies:

• Pay attention to publisher names, not just extension names.

• Keep an eye on what is installed across your team.

• Consider using automated scanning or security tools to catch malicious packages before they spread.

It is not exciting advice, but in this case it might save you from installing ransomware disguised as a random VS Code extension.