A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.
  • Tekhne@sh.itjust.works
    0·
    5 months ago

    I believe they’re referring to lower down in the article, where the researchers analyzed existing extensions on the marketplace:

    After the successful experiment, the researchers decided to dive into the threat landscape of the VSCode Marketplace, using a custom tool they developed named ‘ExtensionTotal’ to find high-risk extensions, unpack them, and scrutinize suspicious code snippets.

    Through this process, they have found the following:

    • 1,283 with known malicious code (229 million installs).
    • 8,161 communicating with hardcoded IP addresses.
    • 1,452 running unknown executables.
    • 2,304 that are using another publisher’s Github repo, indicating they are a copycat.