Malicious Microsoft VSCode extensions target devs, crypto community
Malicious Visual Studio Code extensions were discovered on the VSCode marketplace that download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply chain attacks.
In a report by Reversing Labs, researchers say the malicious extensions first appeared in the VSCode marketplace in October.
“Throughout October 2024, the RL research team saw a new wave of malicious VSCode extensions containing downloader functionality — all part of the same campaign,” reads the Reversing Labs’ report.
“The community was first notified of this campaign taking place in early October, and since then, the team has been steadfast in tracking it.”
An additional package targeting the crypto community…
