Subscribe

Malicious code in millions of installs traced to Microsoft Visual Studio

June 10, 2024 A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace, with some having millions of downloads. The researchers created a fake extension mimicking the popular ‘Dracula Official’ theme, dubbed ‘Darcula’, which included risky code to collect system information. This extension was downloaded by multiple high-value targets, including a publicly listed company and major security firms.

Using a custom tool called ‘ExtensionTotal’, the researchers discovered 1,283 extensions with known malicious code, 8,161 communicating with hardcoded IP addresses, and 1,452 running unknown executables. Despite reporting these findings to Microsoft, many of these extensions remained available for download as little as a day ago.

The researchers warn that the lack of stringent security controls on the VSCode Marketplace poses a significant threat to organizations.

 

Top Stories

GitHub Copilot to train on user data by default 

Microsoft pulls Copilot Chat from core Office apps for enterprise customers

OpenAI pauses ChatGPT erotic mode “indefinitely”

Researcher Says “APT” Label No Longer Reflects the Threat Landscape

How do you select a graph database? – Part 1

OpenAI plans major hiring push as competition intensifies

Related Articles

Google warns quantum computing could break encryption by 2029

March 27, 2026 Google has warned that quantum computers could break widely used encryption systems by 2029, urging organisations to more...

GitHub Copilot to train on user data by default 

March 27, 2026 Microsoft is updating GitHub Copilot to train on real-world developer interactions, expanding beyond public code datasets to more...

OpenAI launches ChatGPT Library to centralise files and outputs

March 27, 2026 OpenAI has introduced a new ChatGPT Library feature that automatically stores files uploaded to, or generated within, more...

US Supreme Court narrows ISP liability in major piracy ruling

March 27, 2026 The US Supreme Court has ruled that internet service providers are not automatically liable for user piracy more...

Picture of Jim Love

Jim Love

Jim Love's career in technology spans more that four decades. He's been a CIO and headed a world wide Management Consulting practice. As an entrepreneur he built his own tech business. Today he is a podcast host with the popular tech podcasts Hashtag Trending and Cybersecurity Today with over 14 million downloads. As a novelist, his latest book "Elisa: A Tale of Quantum Kisses" is an Audible best seller. In addition, Jim is a songwriter and recording artist with a Juno nomination and a gold album to his credit. His music can be found at music.jimlove.com
Picture of Jim Love

Jim Love

Jim Love's career in technology spans more that four decades. He's been a CIO and headed a world wide Management Consulting practice. As an entrepreneur he built his own tech business. Today he is a podcast host with the popular tech podcasts Hashtag Trending and Cybersecurity Today with over 14 million downloads. As a novelist, his latest book "Elisa: A Tale of Quantum Kisses" is an Audible best seller. In addition, Jim is a songwriter and recording artist with a Juno nomination and a gold album to his credit. His music can be found at music.jimlove.com

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.