December 19, 2024

Developers targeted by malicious Microsoft VSCode extensions


  • Reversing Labs and Assaraf discover campaign targeting software and web3 devs
  • Multiple packages were hiding weaponized code that deploys stage-two malware
  • The malicious intent was very difficult to spot

Software developers, especially those working on web3 and cryptocurrency projects, are being targeted in a brand new software supply chain attack, experts have claimed.

Security researcher Amit Assaraf published a new blog post outlining how he had observed dozens of malicious Visual Studio Code extensions on the VSCode marketplace designed to download well-hidden second-stage payloads from shady domains (some in Russia).

A similar report was recently published by cybersecurity researchers Reversing Labs, who said that the campaign most likely started in October 2024.

Heavily obfuscated files

“Throughout October 2024, the RL research team saw a new wave of malicious VSCode extensions containing downloader functionality — all part of the same campaign,” the researchers said. “The community was first notified of this campaign taking place in early October, and since then, the team has been steadfast in tracking it.”

The packages are designed for tools like Zoom, Solidity (a programming language for smart contracts on Ethereum, among others), and more. Similar packages were found on NPM, as well.

Neither Reversing Labs nor Assaraf analyzed the second-stage payload, but BleepingComputer says it is a “heavily obfuscated Windows CMD file” that launches a hidden PowerShell command. That command decrypts AES-encrypted strings in additional CMD files in order to drop further payloads, including malware that is flagged by just 27 out of 71 antivirus engines.

While the number of compromised endpoints is difficult to determine, Assaraf says it’s most likely in the thousands. He added that the attack was very difficult to spot, since the packages check all the right boxes:

“Looking closely, you can see it has several great indicators for it being real, the high number of installs, the official Zoom Github repo, the positive reviews. Going into the publisher page we continue to get positive reinforcements,” he said. “The domain name looks great, it has the official support email, it has all the official socials, everything checks out.”

The only thing developers can do is exercise care when downloading software packages. “Don’t trust – verify” is the usual mantra, especially within the cryptocurrency community.
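One way to put "verify" into practice is to inspect the code of extensions that are already installed rather than their marketplace metadata. The sketch below is an added example, not code from the researchers or from this article: it walks a folder of unpacked extensions and flags JavaScript files that combine process execution with a remote URL, a hidden PowerShell window or a CMD script. The patterns are assumed heuristics, not published indicators, and the two sample extensions are constructed.

```python
import json, re, tempfile
from pathlib import Path

# Heuristic patterns chosen for this example (assumptions, not published IoCs).
SPAWN = re.compile(r"child_process")  # Node module needed to launch a process
CHECKS = (
    ("spawn+remote-url", re.compile(r"https?://[^\s'\"`)]+")),
    ("hidden-powershell", re.compile(r"powershell[^\n]*-w(indowstyle)?\s+hidden", re.I)),
    ("cmd-script", re.compile(r"\.(cmd|bat)\b", re.I)),
)

def scan_extension(ext_dir: Path) -> dict:
    """Return manifest identity and per-file reasons for one unpacked extension."""
    manifest = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
    ident = f"{manifest.get('publisher', '?')}.{manifest.get('name', '?')}"
    hits = {}
    for js in sorted(ext_dir.rglob("*.js")):
        src = js.read_text(encoding="utf-8", errors="replace")
        if not SPAWN.search(src):
            continue  # a downloader cannot launch its payload without this
        reasons = [label for label, rx in CHECKS if rx.search(src)]
        if reasons:
            hits[js.relative_to(ext_dir).as_posix()] = reasons
    # The verdict uses code only: name, publisher and repository are self-declared.
    return {"id": ident, "repository": manifest.get("repository"), "hits": hits}

def scan_root(root: Path) -> list:
    """Scan every extension folder under root and return only the flagged ones."""
    found = [scan_extension(d) for d in sorted(root.iterdir())
             if (d / "package.json").is_file()]
    return [r for r in found if r["hits"]]

def build_demo(root: Path) -> None:
    """Write two constructed extensions: one benign, one downloader-like."""
    samples = {
        "good.formatter-1.0.0": "exports.activate = () => console.log('ready');",
        "lookalike.meeting-1.0.0": "const cp = require('child_process');\n"
            "cp.exec('powershell -WindowStyle Hidden -File s.cmd');\n"
            "const src = 'https://example.invalid/s.cmd';",
    }
    for folder, code in samples.items():
        d = root / folder
        d.mkdir()
        pub, name = folder.rsplit("-", 1)[0].split(".")
        (d / "package.json").write_text(json.dumps({"publisher": pub, "name": name,
            "repository": "https://example.invalid/official"}))
        (d / "extension.js").write_text(code)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo(Path(tmp))
        print(json.dumps(scan_root(Path(tmp)), indent=2))
```

To check a real machine, call `scan_root` on the VS Code extensions folder (by default `.vscode/extensions` under the user's home directory). A hit is a prompt for manual review, since legitimate extensions also start processes and contact remote hosts.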

Via BleepingComputer


This article is written by: Nermeen Nabil Khear Abdelmalak
