
"The extensions overwhelmingly impersonate widely installed developer utilities: linters and formatters like ESLint and Prettier, code runners, popular language tooling for Angular, Flutter, Python, and Vue, and common quality-of-life extensions like vscode-icons, WakaTime, and Better Comments. Notably, the campaign also targets AI developer tooling, with extensions targeting Claude Code, Codex, and Antigravity."
"Organizations should monitor extension updates, audit dependency relationships, and restrict installation to trusted publishers where possible, as attackers increasingly exploit the developer tooling ecosystem as a supply-chain entry point."
A malicious campaign distributes fake VS Code extensions through Open VSX by impersonating widely used developer utilities, including linters, formatters, code runners, and language-specific tools for Angular, Flutter, Python, and Vue. The attackers also target AI developer tooling such as Claude Code, Codex, and Antigravity. While Open VSX removed most of the malicious extensions by March 13, some remain active. Researchers recommend treating extension dependencies with the same security scrutiny as software packages: monitoring updates, auditing dependency relationships, and restricting installations to trusted publishers to prevent supply-chain attacks through developer tools.
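The two defensive steps the summary recommends, auditing dependency relationships and restricting extensions to trusted publishers, can be turned into a local inventory check. The script below is an added example, not code from the article or from Open VSX: it reads each installed extension's `package.json` (assumed layout `~/.vscode/extensions/*/package.json`, with the standard `publisher`, `name`, `extensionDependencies` and `extensionPack` fields) and flags any extension, or any dependency an extension pulls in, whose publisher is outside an allowlist. The allowlist and the sample manifests are constructed for illustration.

```python
import json
from pathlib import Path

# Assumption: your organisation's allowlist of extension publishers.
TRUSTED_PUBLISHERS = {"dbaeumer", "esbenp", "ms-python"}


def load_manifests(ext_dir):
    """Map 'publisher.name' -> manifest for every extension folder under ext_dir."""
    manifests = {}
    for pkg in Path(ext_dir).expanduser().glob("*/package.json"):
        data = json.loads(pkg.read_text(encoding="utf-8"))
        manifests[f"{data['publisher']}.{data['name']}".lower()] = data
    return manifests


def audit(manifests, trusted=TRUSTED_PUBLISHERS):
    """Return sorted (extension, finding) pairs for untrusted publishers,
    including publishers reached only through extensionDependencies/extensionPack."""
    trusted = {p.lower() for p in trusted}
    findings = []
    for ident, data in manifests.items():
        if data["publisher"].lower() not in trusted:
            findings.append((ident, "untrusted publisher"))
        # Dependencies and packs install other extensions automatically, so a
        # trusted extension can still be the path by which an untrusted one arrives.
        pulled = data.get("extensionDependencies", []) + data.get("extensionPack", [])
        for dep in pulled:
            if dep.split(".", 1)[0].lower() not in trusted:
                findings.append((ident, f"pulls in {dep} from untrusted publisher"))
    return sorted(findings)


# Constructed sample manifests standing in for ~/.vscode/extensions/*/package.json.
SAMPLE_MANIFESTS = {
    "dbaeumer.vscode-eslint": {"publisher": "dbaeumer", "name": "vscode-eslint"},
    "example-pub.eslint-formatter": {
        "publisher": "example-pub", "name": "eslint-formatter",
        "extensionDependencies": ["dbaeumer.vscode-eslint"]},
    "esbenp.prettier-vscode": {
        "publisher": "esbenp", "name": "prettier-vscode",
        "extensionPack": ["example-pub.eslint-formatter"]},
}

if __name__ == "__main__":
    for ext, finding in audit(SAMPLE_MANIFESTS):
        print(f"{ext}: {finding}")
    # Against a real install: audit(load_manifests("~/.vscode/extensions"))
```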
Read at InfoWorld