A team of Israeli researchers investigated the security of the Visual Studio Code (VSCode) marketplace and managed to “infect” over 100 organizations by embedding risky code into a popular theme, revealing significant vulnerabilities in the system.
VSCode, a source code editor developed by Microsoft, is widely used by professional software developers globally. Microsoft also runs an extensions marketplace for VSCode, offering various add-ons to enhance functionality and customization.
Previous reports have identified security gaps in VSCode, such as the ability to impersonate extensions and publishers, and extensions that steal developer authentication tokens. Some extensions have been confirmed to be malicious.
In their experiment, researchers Amit Assaraf, Itay Kruk, and Idan Dardikman created an extension mimicking the ‘Dracula Official‘ theme, a popular dark mode color scheme with over 7 million installs on the VSCode Marketplace.
The fake extension, named ‘Darcula,’ used the legitimate Dracula theme’s code but added a script that collected system information such as hostname, installed extensions, device’s domain name, and operating system platform, sending this data to a remote server. The researchers registered a matching domain, ‘darculatheme.com,’ to become
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: