this post was submitted on 09 Jun 2024
53 points (100.0% liked)

VS Code

776 readers
1 users here now

founded 1 year ago
MODERATORS
Ategon
Lodra
53
Malicious VSCode extensions with millions of installs discovered (www.bleepingcomputer.com)
submitted 4 months ago by [email protected] to c/vscode
5 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 14 points 4 months ago (1 children)

"A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs."

[โ€“] towerful 2 points 4 months ago

The plugin is called "Darcula Official" btw.

There is a more generic theme (for multiple applications) called Dracula.
JetBrains IDE has a theme called Darcula, and there are vscode themes on the marketplace that implement this.

So, it's more than just a typosquat