VS Code Marketplace’s Comedy of Errors: When Shiba Inu Ransomware Finds a Loophole!

Beware of the “shiba” name game! Malicious VS Code extensions are reusing names of removed packages to deliver ransomware. ReversingLabs found that names aren’t as unique as they should be, turning the VS Code Marketplace into a playground for crafty cyber villains. Stay vigilant, developers—these shibas are no man’s best friend.

3P
Published: August 28, 2025 1:00 pmAdded: August 28, 2025 at 6:06 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Oh, Microsoft! Reusing extension names? It’s like letting anyone rename your Wi-Fi to “Free Internet” and then being surprised when things go wrong. This isn’t just a can of worms; it’s a full-blown worm rave with malicious extensions dancing through VS Code Marketplace like they own the place!

Key Points:

  • Malicious VS Code extensions exploit a loophole by reusing names of removed packages.
  • Attackers delivered ransomware through extensions named “shiba.”
  • ReversingLabs researchers uncovered this naming loophole.
  • VS Code Marketplace contradicts its own documentation on unique names.
  • No indication Microsoft has fixed the naming reuse issue yet.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?