What happened
Researchers found several malicious Visual Studio Code extensions in Microsoft’s VS Code Marketplace. These extensions delivered infostealers that captured credentials, system data, and sensitive developer information.
Who is affected
Developers and organizations that installed the compromised extensions on Windows, macOS, or Linux systems are at risk.
Why CISOs should care
Code editors are widely used across engineering teams. A malicious extension can give attackers direct access to developer environments, internal repositories, and stored credentials. This expands the attack surface and creates a path for supply chain compromise.
3 practical actions
- Audit all VS Code extensions across developer endpoints and remove any unverified or suspicious plugins.
- Enforce policies that limit extension installation to approved and vetted sources.
- Monitor for unusual access patterns from developer machines, including credential theft indicators and unauthorized repository activity.
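
As a starting point for the audit in the first action, the following added example (not code from the researchers or from Microsoft) inventories the extensions installed in a user's VS Code extensions folder and reports any that are not on an approved list. The allowlist entries are constructed sample values, and the script assumes the default per-user install location `~/.vscode/extensions`.

```python
import json
import sys
from pathlib import Path

# Assumption: the organization's allowlist of "publisher.name" IDs (constructed sample values).
APPROVED = {"example-corp.internal-linter", "example-corp.theme"}


def audit_extensions(ext_dir, approved):
    """Return one finding per installed extension that is not on the allowlist."""
    approved = {a.lower() for a in approved}
    findings = []
    if not ext_dir.is_dir():
        return findings
    for entry in sorted(ext_dir.iterdir()):
        if not entry.is_dir():
            continue  # skip bookkeeping files that sit beside the extension folders
        try:
            meta = json.loads((entry / "package.json").read_text(encoding="utf-8"))
            ext_id = f"{meta['publisher']}.{meta['name']}".lower()
            version = str(meta.get("version", "unknown"))
        except (OSError, ValueError, KeyError, TypeError):
            # A folder without a readable manifest cannot be identified; report it for manual review.
            findings.append({"id": None, "version": None,
                             "path": str(entry), "reason": "unreadable manifest"})
            continue
        if ext_id not in approved:
            findings.append({"id": ext_id, "version": version,
                             "path": str(entry), "reason": "not on allowlist"})
    return findings


if __name__ == "__main__":
    # Default per-user install location; pass another folder as the first argument to override.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / ".vscode" / "extensions"
    results = audit_extensions(target, APPROVED)
    for f in results:
        print(f"{f['reason']}: {f['id'] or '?'} {f['version'] or ''} ({f['path']})")
    sys.exit(1 if results else 0)  # non-zero exit lets endpoint tooling flag the machine
```

The non-zero exit code makes the script usable as a compliance check in endpoint management tooling, with the printed findings as the list of extensions to review or remove.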
