VS Code Malware Hits 17,000+ Developers via Extensions

A sophisticated threat actor has compromised over 17,000 developers by distributing malicious Visual Studio Code extensions that appear to be legitimate, functional tools. These trojanized extensions secretly steal source code, hijack computer resources for cryptocurrency mining, and install persistent backdoors for remote control. While Microsoft removed some of the offending extensions from its marketplace, they remain active on alternative platforms like OpenVSX. The threat actor continues to republish the same malicious code under new names, demonstrating a persistent threat to the developer community. This operation exposes significant security gaps in the extension marketplace ecosystem, leaving developers unknowingly vulnerable to attack.

Latest mentioned: 10-15

Earliest mentioned: 10-14

Sources

gbhackers.com bleepingcomputer.com cybersum.net

Also Read

Beast Ransomware Emerges as Major Cyber Threat

Beast ransomware, a sophisticated Ransomware-as-a-Service (RaaS) operation, has emerged as a significant cybersecurity threat. It employs aggressive network propagation tactics using SMB port scanning to infiltrate and encrypt systems across enterprise environments. The ransomware has targeted organizations worldwide since July 2025, affecting diverse sectors including manufacturing, healthcare, and education. It uses phishing campaigns and the Vidar Infostealer to gain initial access. The malware includes geofencing logic to exclude certain regions, suggesting connections to specific geographical areas. It utilizes the ChaCha20 algorithm for encryption and includes a hidden GUI for manual control. Organizations must prioritize preventive measures and early detection capabilities to defend against this threat.

10-29Read more →