VS Code
AI-Slop ransomware test sneaks on to VS Code marketplace
A malicious extension with basic ransomware capabilities seemingly created with the help of AI, has been published on Microsoft’s official VS Code marketplace. Named susvsex and published by ‘suspublisher18,’ the extension’s malicious functionality is openly advertised in its description. Secure Annex researcher John Tuckner discovered susvsex and says that it is the product of “vibe coding” and is far from sophisticated. Despite […]
‘WhiteCobra’ floods VSCode market with crypto-stealing extensions
A threat actor named WhiteCobra has targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. The campaign is ongoing as the threat actor continuously uploads new malicious code to replace the extensions that are removed. In a public post, core Ethereum developer Zak Cole […]
Malicious VSCode extensions infect Windows with cryptominers
Nine VSCode extensions on Microsoft’s Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero. Microsoft VSCode is a popular code editor that allows users to install extensions to extend the program’s functionality. These extensions can be downloaded from Microsoft’s VSCode Marketplace, an online […]
VSCode extensions with 9 million installs pulled over security risks
Microsoft has removed two popular VSCode extensions, ‘Material Theme – Free’ and ‘Material Theme Icons – Free,’ from the Visual Studio Marketplace for allegedly containing malicious code. The two extensions are very popular, having been downloaded nearly 9 million times in total, with users now receiving alerts in VSCode that the extensions have automatically been […]