VS Code

776 readers

1 users here now

founded 1 year ago

MODERATORS

Ategon

Lodra

Malicious VSCode extensions with millions of installs discovered (www.bleepingcomputer.com)

submitted 4 months ago by [email protected] to c/vscode

5 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 7 points 4 months ago (1 children)

Every time a company bitches that opening ""their"" devices to third party apps because "security" and "malware" I always think of shit like this.

The Google Play Store has tons of malware. iOS keeps it under wraps with their bullshit entry price and actually okay moderation, but are they a hundred and ten percent sure their signing key or database will never be exploited because there's a mode on their devices to prevent zero-interaction malware because somehow an SMS being received ends up in the kernel.

[–] [email protected] 4 points 4 months ago

As @Deebster points out, on Android & iOS apps need to ask for permission before accessing sensitive commands beyond the kernel. VisualStudio (as far as as I know) doesn't have a permissions layer. Also the article also mentions that scrutiny is lenient since VSCode is a Dev tool used by (on average) knowledgeable users.

100% agree with you, Microsoft is mostly cost cutting/shirking responsibility by not implementing tighter controls on external code on their tools.