Malicious code in millions of installs traced to Microsoft Visual Studio

June 10, 2024

A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace, with some having millions of downloads. The researchers created a fake extension mimicking the popular ‘Dracula Official’ theme, dubbed ‘Darcula’, which included risky code to collect system information. This extension was downloaded by multiple high-value targets, including a publicly listed company and major security firms.

Using a custom tool called ‘ExtensionTotal’, the researchers discovered 1,283 extensions with known malicious code, 8,161 communicating with hardcoded IP addresses, and 1,452 running unknown executables. Despite the researchers reporting these findings to Microsoft, many of these extensions remained available for download as recently as a day ago.

The researchers warn that the lack of stringent security controls on the VSCode Marketplace poses a significant threat to organizations.
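Two of the signals described above, a lookalike name such as ‘Darcula’ for ‘Dracula Official’ and hardcoded IP addresses in extension code, can be checked when auditing an organization's own installs. The sketch below is an added example, not ExtensionTotal's code or the researchers' method; the function names, the approved list, the installed names and the source string are all assumptions constructed for illustration.

```javascript
// Optimal string alignment distance: edits plus adjacent transpositions,
// so "darcula" vs "dracula" scores 1 instead of 2.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Flag installed names that are close to, but not equal to, an approved name.
function findLookalikes(installed, approved, maxDistance = 2) {
  const norm = (s) => s.toLowerCase().replace(/[^a-z0-9]/g, "");
  const ok = new Set(approved.map(norm));
  const hits = [];
  for (const name of installed) {
    if (ok.has(norm(name))) continue; // exact match with the allowlist
    for (const good of approved) {
      const dist = osaDistance(norm(name), norm(good));
      if (dist <= maxDistance) hits.push({ name, resembles: good, dist });
    }
  }
  return hits;
}

// Report IPv4 literals in extension source, skipping loopback and 0.0.0.0.
function findHardcodedIPs(source) {
  const found = new Set();
  for (const m of source.matchAll(/\b(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b/g)) {
    const octets = m.slice(1, 5).map(Number);
    if (octets.some((o) => o > 255)) continue; // not a valid address
    if (octets[0] === 127 || m[0] === "0.0.0.0") continue;
    found.add(m[0]);
  }
  return [...found];
}

// Constructed sample data (203.0.113.0/24 is a documentation-only range).
const approved = ["Dracula Official", "Prettier - Code formatter"];
const installed = ["Dracula Official", "Darcula Official", "GitLens"];
const source = 'fetch("http://203.0.113.7/collect"); const v = "1.2.3"; listen("127.0.0.1");';
console.log(findLookalikes(installed, approved), findHardcodedIPs(source));
```

Both checks are heuristics: a four-part version string will match the IP pattern, and a near-match name is a prompt for manual review of the publisher, not proof of malice.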

 



Jim Love

Jim Love's career in technology spans more than four decades. He's been a CIO and headed a worldwide Management Consulting practice. As an entrepreneur he built his own tech business. Today he is a podcast host with the popular tech podcasts Hashtag Trending and Cybersecurity Today with over 14 million downloads. As a novelist, his latest book "Elisa: A Tale of Quantum Kisses" is an Audible best seller. In addition, Jim is a songwriter and recording artist with a Juno nomination and a gold album to his credit. His music can be found at music.jimlove.com
