Damaging Microsoft VS Code extensions could cause major damage for millions of users
Researchers find major holes in Microsoft’s marketplace for VS Code
Researchers appear to have found another avenue in which to slam Microsoft for its poor cybersecurity practices - this time around, it’s the marketplace for Visual Studio Code.
Visual Studio Code (often abbreviated as VS Code) is a free, open source code editor developed by Microsoft designed for developing and debugging modern web and cloud applications. With 14 million users, VS Code is extremely popular, thanks mostly to its robust features, such as cross-platform availability, extensibility, built-in Git support, IntelliSense, debugging, integrated terminal, and customization.
As reported by BleepingComputer, researchers Amit Assaraf, Itay Kruk, and Idan Dardikman set out to see how easy it would be to compromise VS Code users, so they created a typosquatted version of the popular “Dracula Official” theme. Dracula is a theme designed to be visually appealing while reducing eye strain for developers.
Darcula strikes
They named the theme “Darcula” and even bought a domain, darculatheme.com, with which they were able to become a verified publisher on the marketplace. The theme worked almost identically to the legitimate one, but also carried malicious code that was able to steal sensitive information from the victims.
Unfortunately, the experiment was a resounding success, with many companies soon mistakenly downloading it. Among the victims was an unnamed, publicly listed company with a $483 billion market cap. Other notable mentions include a national justice court network, and a couple of large security companies.
This prompted the researchers to take it a step further and see if other criminals thought of the same thing before them, and lo and behold - they found 1,283 extensions with known malicious code. Cumulatively, they had 229 million installs. They also found 8,161 extensions communicating with hardcoded IP addresses, 1,452 running unknown executables, and 2,304 that are using another publisher’s GitHub repo.
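For teams that want to triage the extensions already installed on developer machines, the signals described above (a look-alike name, a repository borrowed from another publisher, hardcoded IP addresses, process execution) can be checked against each extension's `package.json` and bundled source. The sketch below is an added example, not the researchers' tooling; the allowlist entry, publisher IDs, repository URL and sample input are constructed placeholders.

```javascript
// KNOWN_GOOD and SAMPLE are constructed placeholders, not real marketplace data.
const KNOWN_GOOD = [
  { name: "dracula", publisher: "example-dracula-publisher",
    repo: "https://github.com/example-org/dracula-theme" },
];
const SAMPLE = {
  manifest: { displayName: "Darcula", publisher: "example-lookalike",
    repository: { url: "https://github.com/example-org/dracula-theme.git" } },
  source: 'require("child_process"); fetch("http://203.0.113.10/collect");',
};

// Optimal string alignment distance: Levenshtein plus adjacent transposition,
// so a swap such as "darcula" / "dracula" costs 1 instead of 2.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

const normalize = (s) => String(s || "").toLowerCase().replace(/[^a-z0-9]/g, "");
const normRepo = (u) => String(u || "").toLowerCase().replace(/(\.git)?\/*$/, "");

function auditExtension(manifest, sourceText, knownGood = KNOWN_GOOD) {
  const findings = [];
  const name = normalize(manifest.displayName || manifest.name);
  const repo = normRepo(manifest.repository && (manifest.repository.url || manifest.repository));
  for (const good of knownGood) {
    if (manifest.publisher === good.publisher) continue; // the genuine publisher
    const dist = osaDistance(name, good.name);
    if (dist <= 2) findings.push(dist === 0 ? `name-clone:${good.name}` : `typosquat:${good.name}`);
    if (repo && repo === normRepo(good.repo)) findings.push(`borrowed-repo:${good.name}`);
  }
  // IPv4 literals in code, ignoring loopback and the unspecified address.
  const ips = new Set((sourceText.match(/\b(?:\d{1,3}\.){3}\d{1,3}\b/g) || []).filter((ip) =>
    ip.split(".").every((o) => Number(o) <= 255) && !ip.startsWith("127.") && ip !== "0.0.0.0"));
  for (const ip of ips) findings.push(`hardcoded-ip:${ip}`);
  // Process-spawning APIs are how an extension would run an external executable.
  if (/\b(?:child_process|execFile|spawn)\b/.test(sourceText)) findings.push("spawns-process");
  return findings;
}
```

Findings from `auditExtension(SAMPLE.manifest, SAMPLE.source)` are leads for manual review, not verdicts: dotted version strings can match the IP pattern, and many legitimate extensions spawn processes.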
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.