Malicious Microsoft VSCode extensions steal passwords, open remote shells

Three malicious Visual Studio extensions were uploaded by cybercriminals to Microsoft’s VSCode Marketplace, where they were downloaded 46,600 times by Windows developers. The harmful extensions must be manually removed from any computers used by software developers who still use them, and systems must also undergo a thorough scan to look for any signs of the infection.

The virus allowed the threat actors to steal credentials, system data, and create a remote shell on the victim’s computer, according to Check Point, whose analysts found the malicious extensions and reported them to Microsoft. The extensions were found and reported on May 4, 2023, and on May 14, 2023, they were taken down from the VSCode marketplace.

Malicious Microsoft VSCode extensions steal passwords, open remote shells

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Malicious Microsoft VSCode extensions steal passwords, open remote shells

17-May-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address