Subscribe

Malicious code in millions of installs traced to Microsoft Visual Studio

June 10, 2024 A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace, with some having millions of downloads. The researchers created a fake extension mimicking the popular ‘Dracula Official’ theme, dubbed ‘Darcula’, which included risky code to collect system information. This extension was downloaded by multiple high-value targets, including a publicly listed company and major security firms.

Using a custom tool called ‘ExtensionTotal’, the researchers discovered 1,283 extensions with known malicious code, 8,161 communicating with hardcoded IP addresses, and 1,452 running unknown executables. Despite reporting these findings to Microsoft, many of these extensions remained available for download as little as a day ago.

The researchers warn that the lack of stringent security controls on the VSCode Marketplace poses a significant threat to organizations.

 

Top Stories

eBay cutting 800 jobs amid strategic realignment

U.S. Pentagon presses Anthropic to lift AI use restrictions

Canada ‘disappointed’ as OpenAI fails to offer new safety protocols after B.C. school shooting

Amodei says Anthropic had Claude before ChatGPT 

Meta facial recognition glasses spark backlash as detection app launches

A quick primer on graph databases

Related Articles

Instagram adds parental notifications for sensitive search patterns

February 27, 2026 Instagram will begin notifying parents if their teen repeatedly searches for suicide or self-harm-related terms within a more...

eBay cutting 800 jobs amid strategic realignment

February 27, 2026 eBay is cutting roughly 800 jobs or about six per cent of its workforce, as the company more...

Anthropic drops binding AI safety pledge in revised policy

February 27, 2026 Anthropic has revised its Responsible Scaling Policy, removing a binding commitment to halt development if its AI more...

U.S. Secret Service assists in recovering funds in Ontario tech fraud case

February 27, 2026 An eastern Ontario resident who lost money in a tech support fraud case may recover part of more...

Picture of Jim Love

Jim Love

Jim Love's career in technology spans more that four decades. He's been a CIO and headed a world wide Management Consulting practice. As an entrepreneur he built his own tech business. Today he is a podcast host with the popular tech podcasts Hashtag Trending and Cybersecurity Today with over 14 million downloads. As a novelist, his latest book "Elisa: A Tale of Quantum Kisses" is an Audible best seller. In addition, Jim is a songwriter and recording artist with a Juno nomination and a gold album to his credit. His music can be found at music.jimlove.com
Picture of Jim Love

Jim Love

Jim Love's career in technology spans more that four decades. He's been a CIO and headed a world wide Management Consulting practice. As an entrepreneur he built his own tech business. Today he is a podcast host with the popular tech podcasts Hashtag Trending and Cybersecurity Today with over 14 million downloads. As a novelist, his latest book "Elisa: A Tale of Quantum Kisses" is an Audible best seller. In addition, Jim is a songwriter and recording artist with a Juno nomination and a gold album to his credit. His music can be found at music.jimlove.com

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.