Summary: Microsoft has removed two widely-used VSCode extensions due to the discovery of malicious code by cybersecurity analysts. The developer, Mattia Astorino, claims that the issues stem from an outdated dependency rather than intentional harm. In response, Microsoft has banned the developer and is reviewing the situation further.
Affected: Visual Studio Marketplace, VSCode users
Keypoints :
- Microsoft removed ‘Material Theme – Free’ and ‘Material Theme Icons – Free’ extensions over suspicious code.
- Cybersecurity researchers linked the malicious code to a potential supply chain attack or account compromise.
- The developer claims the issues are due to an outdated dependency and criticized Microsoft for the lack of communication.