In the previous blog post “1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension”, we told the story of how within 30 minutes of work we created a Visual…

ICT Group

Tessa van der Heijden

Elixir

Community Picks is a section on daily.dev where our community members share the most interesting and valuable content they've discovered online. From insightful articles to handy tools, every post is a gem curated by our dedicated coomunity. To contribute to Community Picks, you need to have at least 250 reputation points, ensuring that only active and trusted members can share their finds.

Community Picks

The VSCode Marketplace hosts around 60,000 extensions with 3.3 billion installs. The popularity of extensions poses a security risk as threat actors can infiltrate organizations. Visual Studio Code is a security risk due to its sensitive access to organizational codebase and high privileges. The VSCode Marketplace has several known malicious and risky extensions that have been identified.

2/6 | Exposing Malicious Extensions: Shocking Statistics from the VS Code Marketplace

So, Visual Studio Code is growing and is virtually everywhere, but why is it a security risk?

Alright, enough details and background, what did we find?

Microsoft needs a malware scanner for vs code

Not the reverse shell in the code beautifier 💀

The reverse shell is pointing to a local addresse (could be just streaming to another process to not block the extension process, it’s common practice), the woaim could be just some metrics to identify unique devs ( but I can’t really explain the ifconfig tho, it will just get you some info on your local IP and not much more ), the beacon could be just for metrics same for the last one.
The review process could be flawed yes, but if this is the worst you found, it could just indicate that Microsoft allow for metrics in heir code reveiwing, and blocking real malware.