A malicious campaign involving 19 VSCode extensions exploited the platform by hiding malware within dependency folders, with malicious code embedded in popular npm packages like "path-is-absolute." Security researchers found these extensions used obfuscated scripts and hosted dangerous binaries, prompting Microsoft to remove them. #VSCodeExtensions #SupplyChainAttacks
Keypoints
- Threat actors have targeted the VSCode marketplace with malicious extensions since February.
- The attackers embedded malware in dependency folders to evade detection.
- They used popular npm packages like "path-is-absolute" to hide malicious code.
- The malicious payload included a decodable JavaScript dropper and harmful binaries disguised as images.
- Microsoft removed all affected extensions, but users should scan their systems for compromises.
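
For the scan suggested in the last point, one check that follows from the key points above is to look inside each installed extension's dependency folders for image-named files whose contents are not images. The script below is an added example, not code from the researchers or from Microsoft. The extensions directory, the image extensions checked and the list of suspect headers are assumptions.

```python
import os
import sys

# Expected leading bytes for each image extension checked.
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Headers that should never sit behind an image file name.
SUSPECT_MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable", b"PK\x03\x04": "ZIP archive"}

def classify(path):
    """Return None when the header matches the image extension, else a reason."""
    ext = os.path.splitext(path)[1].lower()
    expected = IMAGE_MAGIC.get(ext)
    if expected is None:
        return None  # not image-named, out of scope for this check
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head.startswith(expected):
        return None
    for magic, label in SUSPECT_MAGIC.items():
        if head.startswith(magic):
            return f"{ext} name, {label} header"
    return f"{ext} name, unrecognised header"

def scan_extensions(root):
    """Check image-named files inside any node_modules folder under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "node_modules" not in dirpath.split(os.sep):
            continue
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                reason = classify(full)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)

if __name__ == "__main__":
    # Assumed default location; pass another directory as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/.vscode/extensions")
    for rel, reason in scan_extensions(root):
        print(f"{rel}: {reason}")
```

A finding is a lead to investigate, not proof of compromise; a clean result does not rule out payloads stored under other file types.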