malicious extension

IT Services Circle

Jun 15, 2024 · Information Security

How Researchers Built a Malicious VSCode Extension in 30 Minutes and Exposed Marketplace Security Flaws

A security research team created a counterfeit VSCode extension in half an hour, demonstrated how easily malicious code can be injected and distributed through the VSCode Marketplace, and revealed that dozens of high‑value companies, security firms and even a national court were compromised, highlighting critical gaps in extension vetting and supply‑chain protection.