VSCode
Glassworm malware returns in third wave of malicious VS Code packages
The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. OpenVSX and the Microsoft Visual Studio Marketplace are both extension repositories for VS Code–compatible editors, used by developers to install language support, frameworks, tooling, themes, […]
AI-Slop ransomware test sneaks on to VS Code marketplace
A malicious extension with basic ransomware capabilities seemingly created with the help of AI, has been published on Microsoft’s official VS Code marketplace. Named susvsex and published by ‘suspublisher18,’ the extension’s malicious functionality is openly advertised in its description. Secure Annex researcher John Tuckner discovered susvsex and says that it is the product of “vibe coding” and is far from sophisticated. Despite […]
Fake Solidity VSCode extension on Open VSX backdoors developers
A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker. Open VSX is a community-driven registry for extensions compatible with VS Code, which are popular with AI-powered integrated development environments (IDEs) like Cursor and Windsurf. […]
‘WhiteCobra’ floods VSCode market with crypto-stealing extensions
A threat actor named WhiteCobra has targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. The campaign is ongoing as the threat actor continuously uploads new malicious code to replace the extensions that are removed. In a public post, core Ethereum developer Zak Cole […]
Cursor AI editor lets repos “autorun” malicious code on devices
A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as it’s opened. Threat actors can exploit the flaw to drop malware, hijack developer environments, or steal credentials and API tokens, without developers having to execute any commands. Cursor is an AI-powered Integrated Development Environment (IDE) built […]
Malicious VSCode extension in Cursor IDE led to $500K crypto theft
A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto developer. Cursor AI IDE is an AI-powered development environment based on Microsoft’s Visual Studio Code. It includes support for Open VSX, an alternative […]
Malicious VSCode extensions infect Windows with cryptominers
Nine VSCode extensions on Microsoft’s Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero. Microsoft VSCode is a popular code editor that allows users to install extensions to extend the program’s functionality. These extensions can be downloaded from Microsoft’s VSCode Marketplace, an online […]
VSCode extensions found downloading early-stage ransomware
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware, exposing critical gaps in Microsoft’s review process. The extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded seven and eight times, respectively, before they were eventually removed from the store. It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) […]
Microsoft apologizes for removing VSCode extensions used by millions
Microsoft has reinstated the ‘Material Theme – Free’ and ‘Material Theme Icons – Free’ extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn’t actually malicious. The two VSCode extensions, which count over 9 million installs, were pulled from the VSCode Marketplace in late February over security risks, and their […]
VSCode extensions with 9 million installs pulled over security risks
Microsoft has removed two popular VSCode extensions, ‘Material Theme – Free’ and ‘Material Theme Icons – Free,’ from the Visual Studio Marketplace for allegedly containing malicious code. The two extensions are very popular, having been downloaded nearly 9 million times in total, with users now receiving alerts in VSCode that the extensions have automatically been […]