Microsoft has removed the popular VSCode extensions Material Theme - Free and Material Theme Icons - Free due to potential malware concerns. Following investigations by security experts, it was revealed that updates to the extensions may have contained malicious code, possibly pointing to a supply chain attack or a compromise of the publisher's account. The extensions had introduced hidden JavaScript within their JSON files, which is a significant red flag. Microsoft has validated these findings and removed the extensions from the Marketplace and affected VSCode instances, with future details to be shared on GitHub.
Microsoft removed two popular extensions from its Visual Studio Marketplace due to potential malware, indicating a supply chain attack or compromised publisher account.
Security experts found hidden JavaScript within the extensions' release-notes.js files, suggesting a supply chain attack or a significant compromise in the publisher's account.
Collection
[
|
...
]