CyberSecurityBoard
Sponsor Register Login

12 Malicious Extensions Found in VSCode Marketplace: A Security Alert

The Visual Studio Code (VSCode) marketplace recently faced a significant security threat with the discovery of 12 malicious extensions. These extensions, designed to appear legitimate, were found to contain harmful code capable of compromising user systems. This incident highlights the growing risks associated with third-party software repositories and the importance of vigilant security practices. Developers and users are urged to verify the authenticity of extensions before installation and to keep their software updated to mitigate potential vulnerabilities. The malicious extensions exploited various techniques to evade detection, including obfuscated code and unauthorized data access. Security experts recommend regular audits of installed extensions and the use of trusted sources to minimize exposure to such threats. This event serves as a critical reminder of the evolving landscape of cyber threats targeting development tools and environments. Staying informed and cautious can help protect against similar attacks in the future.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 30 Oct 2025 14:25:25 +0000


Cyber News related to 12 Malicious Extensions Found in VSCode Marketplace: A Security Alert

VSCode extensions found downloading early-stage ransomware - It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) and February 17, 2025 (ahban.shiba), bypassing safety review processes and remaining on Microsoft's store for an extensive ...
10 months ago Bleepingcomputer.com
VSCode extensions with 9 million installs pulled over security risks - Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and  'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code. One of the researchers, Amit Assaraf, says ...
10 months ago Bleepingcomputer.com
Malicious VSCode extensions infect Windows with cryptominers - Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero. If you have installed any of the nine extensions mentioned in the ...
9 months ago Bleepingcomputer.com
Microsoft apologizes for removing VSCode extensions used by millions - Microsoft has reinstated the 'Material Theme – Free' and 'Material Theme Icons – Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious. According to Astorino, the ...
10 months ago Bleepingcomputer.com
CVE-2025-52882 - Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, Pycharm, and Android Studio) are vulnerable to unauthorized websocket connections from an ...
7 months ago
The zero-day that could've compromised every Cursor and Windsurf user - In a recent post Yomtom explains that while examining the build process behind OpenVSX, the open-source marketplace powering extensions for tools like Cursor, Windsurf, VSCodium, and others, he discovered a critical flaw. Dubbed VSXPloit: A single ...
6 months ago Bleepingcomputer.com
Google Workspace Marketplace: 4 Tips for Choosing the Best Apps - An Independent Security Verification badge is one indication that an app should go to the top of your list when evaluating options in the Google Workspace Marketplace. We may be compensated by vendors who appear on this page through methods such as ...
2 years ago Techrepublic.com Leviathan
WhiteCobra floods VSCode Market with crypto-stealing extensions - Security researchers have uncovered a new wave of malicious extensions flooding the Visual Studio Code (VSCode) Marketplace, attributed to the WhiteCobra threat group. These extensions are designed to steal cryptocurrency from users by injecting ...
4 months ago Bleepingcomputer.com WhiteCobra
Cyble Discovers Cyberattack Using VSCode For Remote Access - Cyble Research and Intelligence Lab (CRIL) researchers have uncovered a sophisticated campaign that starts with a suspicious .LNK file and uses Visual Studio Code (VSCode) to establish persistence and remote access – and installs the VSCode command ...
1 year ago Thecyberexpress.com
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
6 months ago Cybersecuritynews.com
12 Malicious Extensions Found in VSCode Marketplace: A Security Alert - The Visual Studio Code (VSCode) marketplace recently faced a significant security threat with the discovery of 12 malicious extensions. These extensions, designed to appear legitimate, were found to contain harmful code capable of compromising user ...
2 months ago Cybersecuritynews.com
Malicious crypto-stealing VSCode extensions resurface on OpenVSX - Malicious Visual Studio Code (VSCode) extensions designed to steal cryptocurrency have reappeared on the OpenVSX marketplace, raising significant security concerns among developers and users. These extensions, disguised as legitimate tools, are ...
3 months ago Bleepingcomputer.com
Over 6 Million Chrome Extensions Can Execute Remote Commands on Users’ Browsers - A major security incident has come to light involving more than six million installations of Chrome browser extensions that secretly execute remote commands, track user activity, and potentially expose sensitive information. John Tuckner of secure ...
9 months ago Cybersecuritynews.com
SSNDOB Marketplace Admin Jailed for Selling Americans Data - In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii Chychasov, a 37-year-old Ukrainian citizen, to an eight-year federal prison term. Chychasov played a pivotal role in orchestrating the notorious ...
2 years ago Cybersecuritynews.com Cloak
Developers Beware of Malicious VS Code Extension Apps With Million of Installations - Cybersecurity researchers have uncovered a disturbing campaign targeting software developers through malicious Visual Studio Code extensions that have collectively amassed millions of installations. These compromised extensions, masquerading as ...
9 months ago Cybersecuritynews.com
Google Takes Down Over 50,000 Instances of Malicious Chrome Extensions - Google recently took down over 50,000 Chrome browser extensions after discovering that they were involved in malicious activity. The malicious activity included advertising click fraud, downloading malware, and displaying adware. According to Google, ...
2 years ago Thehackernews.com
Fake VPN Chrome extensions force-installed 1.5 million times - Three malicious Chrome extensions posing as VPN infected were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. According to ReasonLabs, which discovered the malicious extensions, they are spread via ...
2 years ago Bleepingcomputer.com
Glassworm malware returns on OpenVSX with 3 new VSCode extensions - The Glassworm malware has resurfaced on the OpenVSX marketplace, disguised within three new Visual Studio Code (VSCode) extensions. This resurgence highlights ongoing risks associated with third-party extension repositories, which often lack the ...
2 months ago Bleepingcomputer.com
Facebook Marketplace Is Being Ruined by Zelle Scammers - Some scams encourage people to upgrade their Zelle accounts to a business tier to receive money from a buyer, according to the Better Business Bureau, and come from emails mimicking Zelle, but with different domains. That upgrade appears to cost ...
2 years ago Wired.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
2 years ago Esecurityplanet.com
Malicious Chrome VPN Extensions Installed 1.5M Times Browsers - In a recent cybersecurity revelation, a highly sophisticated cyber attack campaign has emerged, weaving a web of deceit through malicious web extensions cunningly disguised as VPNs. ReasonLabs, a cybersecurity firm, has discovered online piracy ...
2 years ago Cybersecuritynews.com
Malicious Chrome extensions with 1.7M installs found on Web Store - Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. According to the researchers, most of the malicious functionality ...
6 months ago Bleepingcomputer.com
Malicious Chrome extensions with 1.7M installs found on Web Store - Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. According to the researchers, the malicious functionality is ...
6 months ago Bleepingcomputer.com
Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals - A new 2025 Enterprise Browser Extension Security Report, uniquely combining data from public extension marketplaces and real-world enterprise usage telemetry to spotlight this underestimated threat vector. Extensive Permissions to Sensitive ...
8 months ago Bleepingcomputer.com
Threat Actors May Abuse VS Code Extensions to Deliver Malware - Visual Studio Code (VS Code) extensions have become a popular tool for developers to enhance their coding environment. However, recent cybersecurity research highlights a growing threat where malicious actors exploit these extensions to deliver ...
2 months ago Cybersecuritynews.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)