• Hackers are using malicious Microsoft VSCode extensions to steal

    From TechnologyDaily@1337:1/100 to All on Thu May 18 14:45:03 2023
    Hackers are using malicious Microsoft VSCode extensions to steal passwords

    Date:
    Thu, 18 May 2023 13:26:20 +0000

    Description:
    Researchers found multiple malicious Microsoft VSCode add-ons on a popular repository.

    FULL STORY ======================================================================

    Cybersecurity researchers from Check Point have discovered multiple malicious Visual Studio Code extensions sitting in Microsoft's VSCode Marketplace.

    These extensions, called Theme Darcula dark, python-vscode, and prettiest java, were each pretending to be useful for Visual Studio Code developers, but were, in fact, doing all kinds of nasties. Theme Darcula dark was stealing basic system information, python-vscode allowed for remote code execution on the infected endpoint, while prettiest java (impersonating the "pretty java" add-on) stole saved credentials or authentication tokens from Discord and Discord Canary, Google Chrome, Opera, Brave Browser, and Yandex Browser. The malware would later exfiltrate them using a Discord webhook.

    Combined, the three extensions were downloaded 46,600 times, although Theme Darcula dark absolutely dominated with more than 45,000 downloads.

    Supply chain attacks

    The researchers tipped Microsoft off on May 4 this year, and the company removed the extensions ten days later, on May 14. It's important to mention that while the removal of the malware from the repository does protect developers from future downloads, those that downloaded the malware in the past will remain vulnerable until they remove the tools from their systems and run an antivirus scan to eliminate any remnants.

    Visual Studio Code (VSC) is Microsoft's source-code editor, used by a significant percentage of professional software developers worldwide. VSCode Marketplace is an extensions market run by the Redmond software giant, which allegedly hosts more than 50,000 add-ons that improve VSC's functionality in various ways.

    While these three were conclusively malicious, Check Point's researchers found more dubious add-ons which demonstrated some unsafe behavior, but couldn't outright be classified as malicious. Some of that behavior included grabbing code from private repositories, or downloading files.

    Supply chain attacks are super popular among threat actors these days, and open-source repositories are an attractive target. Other repositories, such as PyPI, for example, are bombarded with malicious packages on a daily basis.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/hackers-are-using-malicious-microsoft-vscode-extensions-to-steal-passwords


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)
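
An added example, not part of the original story or of Check Point's research: a Python check for the cleanup step described above, scanning a VS Code extensions directory for the three reported names. The story lists names only, so matching on the `name` and `displayName` manifest fields is an assumption, and the sample folders and publishers are constructed.

```python
import json
import tempfile
from pathlib import Path

# Names as reported in the story; it gives no publisher IDs, so this example
# matches on the manifest name fields only (an assumption of the example).
REPORTED_NAMES = ("Theme Darcula dark", "python-vscode", "prettiest java")

def normalize(value):
    """Lower-case and unify separators so 'Prettiest-Java' == 'prettiest java'."""
    return " ".join(str(value).lower().replace("-", " ").replace("_", " ").split())

def audit_extensions(ext_dir, names=REPORTED_NAMES):
    """Return (folder, publisher, reported name) for every installed extension
    whose package.json 'name' or 'displayName' matches a reported name."""
    wanted = {normalize(n): n for n in names}
    hits = []
    for manifest in sorted(Path(ext_dir).expanduser().glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(meta, dict):
            continue
        for field in ("name", "displayName"):
            key = normalize(meta.get(field, ""))
            if key in wanted:
                hits.append((manifest.parent.name, meta.get("publisher", "?"), wanted[key]))
                break
    return hits

def build_sample(root):
    """Write a constructed extensions directory (sample data, not real IDs)."""
    samples = {
        "acme.prettiest-java-1.0.0": '{"name": "prettiest-java", "publisher": "acme"}',
        "example.linter-2.1.0": '{"name": "linter", "displayName": "Example Linter"}',
        "broken.ext-0.0.1": "{not json",
    }
    for folder, manifest in samples.items():
        (Path(root) / folder).mkdir(parents=True)
        (Path(root) / folder / "package.json").write_text(manifest, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, publisher, name in audit_extensions(tmp):
            print(f"review: {folder} (publisher {publisher}) matches '{name}'")
```

On a real machine, point `audit_extensions` at the per-user extensions folder (`~/.vscode/extensions` by default). A hit is a lead to review, since a name alone does not uniquely identify an extension.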