#open-vsx

[ follow ]
#supply-chain #vs-code-forks #malicious-extensions #malware #sleepyduck #ethereum
Information security
fromThe Hacker News
1 week ago

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

AI-powered VS Code forks recommend non-existent Open VSX extensions, enabling attackers to register those namespaces and publish malicious packages that compromise developers.
Information security
fromThe Hacker News
2 months ago

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

A malicious Open VSX extension (juan-bianco.solidity-vlang) contains a SleepyDuck remote access trojan that uses Ethereum contracts for resilient command-and-control and exfiltrates system data.
[ Load more ]