Microsoft has reinstated the 'Material Theme – Free' and 'Material Theme Icons – Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious. According to Astorino, the Material Theme extensions on the VSCode Marketplace have been completely rewritten and are safe to use.

The researchers told BleepingComputer that their high-risk evaluation for Material Theme arose from what was detected as the presence of code execution capabilities in the theme's "release-notes.js" file, which was also heavily obfuscated. Astorino immediately objected to the allegations and the removal of his extensions from the VSCode Marketplace, alleging that the problem comes from an outdated sanity.io dependency used since 2016 to show release notes from sanity headless CMS.

The two VSCode extensions, which count over 9 million installs, were pulled from the VSCode Marketplace in late February over security risks, and their publisher, Mattia Astorino (aka 'equinusocio'), was banned from the platform.

"Regarding Material Theme, the obfuscation process unintentionally included the sanity.io SDK client, which contained some strings referencing passwords or usernames (the auth client)."

"The publisher account for Material Theme and Material Theme Icons (Equinusocio) was mistakenly flagged and has now been restored," reads Hanselman's post. Additionally, Hanselman stated that the Visual Studio Code Marketplace will update its policy on obfuscated code and update its scanners accordingly to avoid acting too quickly on projects in the future.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 13 Mar 2025 20:55:14 +0000