TechRadar
Sead Fadilpašić

Damaging Microsoft VS Code extensions could cause major damage for millions of users


Researchers appear to have found another avenue in which to slam Microsoft for its poor cybersecurity practices - this time around, it’s the marketplace for Visual Studio Code.

Visual Studio Code (often abbreviated as VS Code) is a free, open source code editor developed by Microsoft and designed for developing and debugging modern web and cloud applications. With 14 million users, VS Code is extremely popular, thanks mostly to its robust features, such as cross-platform availability, extensibility, built-in Git support, IntelliSense, debugging, integrated terminal, and customization.

As reported by BleepingComputer, researchers Amit Assaraf, Itay Kruk, and Idan Dardikman set out to see how easy it would be to compromise VS Code users, so they created a typosquatted version of the popular “Dracula Official” theme. Dracula is a theme designed to be visually appealing while reducing eye strain for developers.

Darcula strikes

They named the theme “Darcula” and even bought a domain, darculatheme.com, with which they were able to become a verified publisher on the marketplace. The theme worked almost identically to the legitimate one, but also carried malicious code which was able to steal sensitive information from the victims.

Unfortunately, the experiment was a resounding success, with many companies soon mistakenly downloading it. Among the victims was an unnamed, publicly listed company with a $483 billion market cap. Other notable mentions include a national justice court network, and a couple of large security companies. 

This prompted the researchers to take it a step further and see if other criminals had thought of the same thing before them, and lo and behold - they found 1,283 extensions with known malicious code. Cumulatively, they had 229 million installs. They also found 8,161 extensions communicating with hardcoded IP addresses, 1,452 running unknown executables, and 2,304 that are using another publisher's GitHub repo.
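
The “Darcula” name differs from “Dracula” by a single swap of adjacent letters, which a simple inventory check can catch before an extension is approved. The following is an added example, not code from the researchers or from TechRadar; the publisher IDs and the sample inventory are constructed placeholders, and the allowlist format is an assumption.

```python
import re

def osa_distance(a: str, b: str) -> int:
    """Edit distance where swapping two adjacent letters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]

def words(name: str, min_len: int = 5) -> set:
    """Lower-cased words of a display name; short words are too noisy to compare."""
    return {w for w in re.findall(r"[a-z0-9]+", name.lower()) if len(w) >= min_len}

def flag_lookalikes(installed, trusted, max_dist=1):
    """Return (publisher, name, imitated_name) for names that copy or nearly
    copy a trusted display name but come from a different publisher."""
    findings = []
    for publisher, name in installed:
        for t_name, t_publisher in trusted.items():
            if publisher == t_publisher:
                continue  # the trusted publisher's own extension
            clone = name.lower() == t_name.lower()
            near = any(0 < osa_distance(w, tw) <= max_dist
                       for w in words(name) for tw in words(t_name))
            if clone or near:
                findings.append((publisher, name, t_name))
    return findings

# Constructed sample data: the publisher IDs are placeholders, not real accounts.
TRUSTED = {"Dracula Official": "publisher-a"}
INSTALLED = [
    ("publisher-a", "Dracula Official"),
    ("publisher-b", "Darcula"),
    ("publisher-c", "Markdown Preview"),
]

if __name__ == "__main__":
    for finding in flag_lookalikes(INSTALLED, TRUSTED):
        print("review before use:", finding)
```

A match is a prompt for manual review of the publisher, not proof of malice, since a verified-publisher badge only shows control of a domain.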
