Microsoft’s VS Code Marketplace: A Playground for Hackers or Just a Comedy of Errors?

Researchers discovered a new way to slam Microsoft by exposing lax cybersecurity in Visual Studio Code. They created a malicious theme, “Darcula,” which compromised sensitive data from major companies. The experiment revealed over 1,283 extensions with known malicious code in the VS Code marketplace.

3P
Published: June 10, 2024 10:24 amAdded: June 10, 2024 at 3:32 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Microsoft’s Visual Studio Code Marketplace: Come for the themes, stay for the malware! It seems like the VS Code Marketplace is more like a digital haunted house – enter if you dare, and don’t forget to duck the flying malicious extensions!

Key Points:

  • Researchers created a malicious theme named “Darcula” to test the security of the VS Code Marketplace.
  • The theme included code to steal sensitive information and was downloaded by numerous companies.
  • Among the victims were a publicly listed company worth $483 billion and a national justice court network.
  • Further investigation revealed 1,283 extensions with known malicious code, amounting to 229 million installs.
  • Over 8,000 extensions were found communicating with hardcoded IP addresses, with many running unknown executables.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?