A newly discovered malicious VSX extension named 'SleepyDuck' has been found using advanced steganography techniques to evade detection and deliver payloads stealthily. This sophisticated attack targets developers by embedding malicious code within seemingly benign Visual Studio Code extensions, exploiting the trust developers place in these tools. SleepyDuck leverages steganography to hide its malicious payloads inside image files, making traditional detection methods ineffective. Once activated, it can execute a range of harmful activities, including data exfiltration and system compromise.

The attack highlights the growing trend of supply chain attacks in the software development ecosystem, emphasizing the need for enhanced security measures and vigilance when installing extensions. Developers and organizations are urged to verify the authenticity of extensions and monitor for unusual behaviors to mitigate risks associated with such threats. This incident underscores the importance of cybersecurity awareness and proactive defense strategies in protecting development environments from evolving threats like SleepyDuck.
This Cyber News was published on thehackernews.com. Publication date: Tue, 04 Nov 2025 01:14:03 +0000