ReversingLabs researchers have been monitoring multiple public repositories over the past few years. Recently, our team has expanded its threat hunting efforts to VSCode Marketplace — and the researchers started to see an increasing amount of malicious activity.
In the past, RL researchers have observed how easy and quickly it is for supply chain attacks to proliferate from the npm community to VSCode Marketplace. Using npm packages, threat actors can get malicious code into VSCode IDE as well, which is often overlooked as a potential source of compromise.
In November 2024, this proliferation changed direction. A month later, a campaign that started on VSCode emerged in the npm community with malicious npm package etherscancontracthandler, bearing a striking resemblance to previously seen malicious VSCode extensions.
The post A new playground: Malicious campaigns proliferate from VSCode to npm appeared first on Security Boulevard.