Trojan Trouble: Malicious Extensions Invade VS Code Marketplace, Developers Beware!
ReversingLabs uncovers a sneaky Trojan campaign targeting Visual Studio Code Marketplace. With 19 malicious extensions hiding in plain sight, these crafty cybercriminals disguised their malware as something harmless. It’s a classic “your-trusted-package-gone-bad” plot, with a fake PNG file twist. Developers, check those extensions carefully—if it looks too good to be true, it probably is!
Hot Take:
Looks like cyber crooks have taken a page out of the Trojan Horse playbook and are hiding in plain sight! They’ve crashed the Visual Studio Code (VS Code) party with extensions that are about as friendly as a porcupine in a balloon factory. With 19 malicious extensions discovered, it’s safe to say that developers need to be as cautious as a cat in a room full of rocking chairs when downloading add-ons. ReversingLabs deserves a standing ovation for unmasking this digital masquerade. But seriously, who knew a fake PNG file could be the life of the malware party? Developers, it’s time to double-check those extensions like they’re a suspiciously cheap designer handbag!
Key Points:
– 19 malicious extensions found in the Visual Studio Code Marketplace.
– Campaign active since February 2025, discovered in December 2025.
– Malware hidden in trusted dependency, path-is-absolute.
– Fake PNG file used to conceal malicious binaries.
– Malicious VS Code detections quadrupled from 2024 to 2025.