Malicious Microsoft VS Code extensions could cause major damage for millions of users

Image credit: Geralt / Pixabay

Researchers appear to have found another avenue in which to slam Microsoft for its poor cybersecurity practices - this time around, it’s the marketplace for Visual Studio Code.

Visual Studio Code (often abbreviated as VS Code) is a free, open-source code editor from Microsoft, designed for developing and debugging modern web and cloud applications. With 14 million users, VS Code is extremely popular, thanks mostly to its robust features, such as cross-platform availability, extensibility, built-in Git support, IntelliSense, debugging, an integrated terminal, and customization.

As reported by BleepingComputer, researchers Amit Assaraf, Itay Kruk, and Idan Dardikman set out to see how easy it would be to compromise VS Code users, so they created a typosquatted version of the popular “Dracula Official” theme. Dracula is a theme designed to be visually appealing while reducing eye strain for developers.

Darcula strikes

They named the theme “Darcula” and even bought a domain, darculatheme.com, with which they were able to become a verified publisher on the marketplace. The theme worked almost identically to the legitimate one, but also carried malicious code that was able to steal sensitive information from the victims.

Unfortunately, the experiment was a resounding success, with many companies soon mistakenly downloading it. Among the victims was an unnamed, publicly listed company with a $483 billion market cap. Other notable mentions include a national justice court network, and a couple of large security companies. 

This prompted the researchers to take it a step further and see if other criminals had thought of the same thing before them, and lo and behold - they found 1,283 extensions with known malicious code. Cumulatively, they had 229 million installs. They also found 8,161 extensions communicating with hardcoded IP addresses, 1,452 running unknown executables, and 2,304 using another publisher's GitHub repo.
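The three indicators counted above (hardcoded IP addresses, spawning executables, a repository owned by a different publisher), plus a lookalike-name check of the “Darcula” vs “Dracula” kind, can be turned into a simple audit of an extension's package.json and JavaScript files. The script below is an added example, not the researchers' tooling; its regexes are heuristics, and the popular-name list and sample inputs are constructed for the example.

```python
import re
from difflib import SequenceMatcher

# Constructed for this example: display names of popular extensions a lookalike might imitate.
POPULAR_DISPLAY_NAMES = ["Dracula Official"]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
LOCAL_IP = re.compile(r"^(127\.|0\.0\.0\.0$|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")
SPAWN = re.compile(r"child_process|\b(?:exec|execFile|spawn)(?:Sync)?\s*\(")


def normalize(name):
    """Lower-case a display name and drop filler words so 'Darcula' is compared with 'dracula'."""
    name = re.sub(r"\b(official|theme)\b", "", name.lower())
    return re.sub(r"[^a-z0-9]", "", name)


def github_owner(repo):
    """Return the GitHub account owning a package.json 'repository' entry (str or {'url': ...})."""
    url = repo.get("url", "") if isinstance(repo, dict) else (repo or "")
    m = re.search(r"github\.com[/:]([^/]+)/", url)
    return m.group(1).lower() if m else None


def audit_extension(manifest, sources, popular=POPULAR_DISPLAY_NAMES):
    """Return the indicators found in one extension (empty dict when nothing is flagged).

    manifest: parsed package.json; sources: {file path: JavaScript text} of the extension.
    """
    findings = {}
    # Public IPv4 literals in code: the "hardcoded IP address" indicator.
    ips = {ip for text in sources.values() for ip in IPV4.findall(text) if not LOCAL_IP.match(ip)}
    if ips:
        findings["hardcoded_ips"] = sorted(ips)
    # Files that launch other processes: the "running executables" indicator.
    spawning = sorted(path for path, text in sources.items() if SPAWN.search(text))
    if spawning:
        findings["runs_executables"] = spawning
    # Manifest publisher differs from the GitHub account that owns the declared repository.
    owner = github_owner(manifest.get("repository"))
    publisher = (manifest.get("publisher") or "").lower()
    if owner and publisher and owner != publisher:
        findings["repo_owner_mismatch"] = (publisher, owner)
    # Display name is nearly, but not exactly, a popular extension's name (typosquat heuristic).
    mine = normalize(manifest.get("displayName") or manifest.get("name") or "")
    for display in popular:
        theirs = normalize(display)
        if mine != theirs and SequenceMatcher(None, mine, theirs).ratio() >= 0.8:
            findings["lookalike_of"] = display
    return findings
```

Run it over each folder under the VS Code extensions directory to triage what is installed; every hit is a lead for manual review, not proof of malice.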


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.