Malicious Microsoft VSCode extensions steal passwords, open remote shells

17-May-23

Three malicious Visual Studio extensions were uploaded by cybercriminals to Microsoft’s VSCode Marketplace, where they were downloaded 46,600 times by Windows developers. The harmful extensions must be manually removed from any computers used by software developers who still use them, and systems must also undergo a thorough scan to look for any signs of the infection.

The virus allowed the threat actors to steal credentials, system data, and create a remote shell on the victim’s computer, according to Check Point, whose analysts found the malicious extensions and reported them to Microsoft. The extensions were found and reported on May 4, 2023, and on May 14, 2023, they were taken down from the VSCode marketplace.

Read More…