Summary: Hunt.io’s investigation revealed a malicious campaign targeting software developers through a deceptive Visual Studio Code extension impersonating the Zoom Workspace tool, aimed at stealing sensitive browser data. The extension, loaded with harmful code, was originally disguised as a legitimate tool but contained sophisticated mechanisms to evade detection and harvest user information. This incident highlights the critical need for developers to carefully evaluate the extensions they use, as compromised tools can lead to broader security vulnerabilities in development environments.
Affected: Software Developers and the Visual Studio Code Marketplace
Keypoints :
- The malicious extension targeted Chrome cookies and sensitive data through deceptive methodologies.
- Attackers used a single positive review to gain user trust and initially mask the extension’s true intent.
- Developers are advised to be vigilant about the extensions they use, particularly those with few installs and reviews.
Source: https://securityonline.info/malicious-vs-code-extension-masquerades-as-zoom-to-steal-chrome-cookies/