Hackers are using malicious Microsoft VSCode extensions to steal passwords

Sead Fadilpašić

May 18, 2023 at 9:26 AM·2 min read

Illustration of a laptop with a magnifying glass exposing a beetle on-screen

Cybersecurity researchers from Check Point have discovered multiple malicious Visual Studio extensions sitting in Microsoft’s VSCode Marketplace.

These extensions, called “Theme Darcula dark”, python-vscode”, and “prettiest java” were each pretending to be useful for Visual Studio Code developers, but were, in fact, doing all kinds of nasties. Theme Darcula dark was stealing basic system information, python-vscode allowed for remote code execution on the infected endpoint, while prettiest java stole (impersonating the "pretty java" add-on) saved credentials or authentication tokens from Discord and Discord Canary, Google Chrome, Opera, Brave Browser, and Yandex Browser. The malware would later exfiltrate it using a Discord webhook.

Combined, the three malware were downloaded 46,600 times, although, among the three, Theme Darcula dark absolutely dominated with more than 45,000 downloads.

Supply chain attacks

The researchers tipped Microsoft off on May 4 this year, and the company removed them ten days later, on May 14. It’s important to mention while the removal of the malware from the repository does protect developers from future downloads, those that downloaded the malware in the past will remain vulnerable until they remove the tools from their systems and run an antivirus scan to eliminate any remnants.

Visual Studio Code (VSC) is Microsoft’s source-code editor, used by a “significant percentage” of professional software developers worldwide. VSCode Marketplace is an extensions market run by the Redmond software giant, which allegedly hosts more than 50,000 add-ons that improve VSC’s functionality in various ways.

> More PyPI packages stealing data have been discovered

> Malicious PyPi packages turn Discord into password-stealing malware

> Check out the best firewalls right now

While these three were conclusively malicious, Check Point’s researchers found more dubious add-ons which demonstrated some unsafe behavior, but couldn’t outright be classified as malicious. Some of that behavior included grabbing code from private repositories, or downloading files.

Supply chain attacks are super popular among threat actors these days, and open-source repositories are an attractive target. Other repositories, such as PyPI, for example, are bombarded with malicious packages on a daily basis.

These are the best endpoint protection tools right now

Via: BleepingComputer

Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
4d ago
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
19h ago
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
3d ago
Yahoo Sports
NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in
Not everyone was thrilled with their team's draft on Thursday night.
6d ago
Yahoo Life Shopping
Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you
It's inexpensive, but is it effective? Dermatologists' verdict is in — and it's unanimous.
1d ago
Yahoo Sports
New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal
It turns out the money was going from Ohtani's bank account to an illegal bookie to ... casinos.
1d ago
Yahoo Finance
CVS stock plunges after earnings numbers one analyst 'did not even believe'
CVS warns it could cede Medicare Advantage market share as reimbursement rates pressure the company.
14h ago
Yahoo Sports
The best RBs for 2024 fantasy football according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 season.
2d ago
Yahoo Sports
NFL Draft grades for all 32 teams | Zero Blitz
Jason Fitz and Frank Schwab join forces to recap the draft in the best way they know how: letter grades! Fitz and Frank discuss all 32 teams division by division as they give a snapshot of how fans should be feeling heading into the 2024 season. The duo have key debates on the Dallas Cowboys, New York Giants, New Orleans Saints, Los Angeles Rams, New England Patriots, Las Vegas Raiders and more.
2d ago
Yahoo Sports
Canelo Álvarez and Oscar De La Hoya erupt in heated exchange ahead of title bout with Jaime Munguía
Canelo Álvarez is set to defend his title against undefeated Jaime Munguía on Saturday in Las Vegas.
9h ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

Hackers are using malicious Microsoft VSCode extensions to steal passwords

Supply chain attacks

Recommended Stories

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in

Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

CVS stock plunges after earnings numbers one analyst 'did not even believe'

The best RBs for 2024 fantasy football according to our experts

NFL Draft grades for all 32 teams | Zero Blitz

Canelo Álvarez and Oscar De La Hoya erupt in heated exchange ahead of title bout with Jaime Munguía