Malicious code in millions of installs traced to Microsoft Visual Studio

A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace, with some having millions of downloads. The researchers created a fake extension mimicking the popular ‘Dracula Official’ theme, dubbed ‘Darcula’, which included risky code to collect system information. This extension was downloaded by multiple high-value targets, including a publicly listed company and major security firms.

Using a custom tool called ‘ExtensionTotal’, the researchers discovered 1,283 extensions with known malicious code, 8,161 communicating with hardcoded IP addresses, and 1,452 running unknown executables. Despite reporting these findings to Microsoft, many of these extensions remained available for download as little as a day ago.

The researchers warn that the lack of stringent security controls on the VSCode Marketplace poses a significant threat to organizations.

Malicious code in millions of installs traced to Microsoft Visual Studio

Top Stories

Toyota confirms leak of 240GB of sensitive data in recent hack

Former Google CEO Eric Schmidt makes controversial comments

Study says 94% of spreadsheets contain critical errors

Google anti-trust ruling a financial disaster for Firefox

Related Articles

Αξιολόγηση Wildsino Casino & Sports 2026 Κρυπτογράφηση & Γρήγορες Πληρωμές

Uitgelezene Online Casino’s Holland

HTI-step one Finally Signal ASTP Assistant Assistant to own Technology Plan

A glance at Pope Francis’ previous hospitalizations and you can health problems

Jim Love

Follow Us

Popular categories

Tech News Delivered