National Cyber Warfare Foundation (NCWF)

A new playground: Malicious campaigns proliferate from VSCode to npm
0 user ratings		2024-12-18 13:45:08
milo
Developers

A new playground: Malicious campaigns proliferate from VSCode to npm

ReversingLabs researchers have been monitoring multiple public repositories over the past few years. Recently, our team has expanded its threat hunting efforts to VSCode Marketplace — and the researchers started to see an increasing amount of malicious activity. 


In the past, RL researchers have observed how easy and quickly it is for supply chain attacks to proliferate from the npm community to VSCode Marketplace. Using npm packages, threat actors can get malicious code into VSCode IDE as well, which is often overlooked as a potential source of compromise.


In November 2024, this proliferation changed direction. A month later, a campaign that started on VSCode emerged in the npm community with malicious npm package etherscancontracthandler, bearing a striking resemblance to previously seen malicious VSCode extensions.  


The post A new playground: Malicious campaigns proliferate from VSCode to npm appeared first on Security Boulevard.



Lucija Valentić

Source: Security Boulevard
Source Link: https://securityboulevard.com/2024/12/a-new-playground-malicious-campaigns-proliferate-from-vscode-to-npm/

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Developers


Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.