The VSCode Marketplace is pretty easy to hack with malicious extensions

TechRadar, 10 January 2023.
Original article: https://www.techradar.com/news/the-vscode-marketplace-is-pretty-easy-to-hack-with-malicious-extensions

[Image: unlocked padlock on a computer keyboard. Image credit: Unsplash / Fly:D]

VSCode Marketplace, the repository for Visual Studio Code (VS Code) extensions, has weak security defenses that let threat actors abuse it to distribute malicious code to its millions of users, experts have warned.

A report from AquaSec tested the platform and concluded that abusing it to distribute malware was trivially easy.

Furthermore, the researchers say they were not the first to spot the weaknesses: some threat actors were already active on the store.

Spoofing important details

In a blog post (https://blog.aquasec.com/can-you-trust-your-vscode-extensions), AquaSec's team outlined how it tried to upload a typosquatted, malicious version of a popular extension with 27 million downloads.

It realized that the malicious extension did not even need to be typosquatted. The Marketplace enforces uniqueness only on the extension identifier (publisher.name); the manifest's 'displayName' field, which is what users see in the store and in the editor's extension list, is free text and does not need to be unique. So the team named its extension exactly the same as the legitimate one.

Then they realized they could also reuse the legitimate project's logo and description.

The project details shown on a listing are pulled from the linked GitHub repository, but they can be edited afterwards. That lets an attacker present malware as a legitimate tool with a long development history. The only things that could not be spoofed were the download count and the search ranking.

"However, over time an increasing pool of unknowing users will have downloaded our faux extension. As these figures grow, the extension will gain credibility," AquaSec said. "Additionally, since in the dark web it is possible to purchase various services, an extremely determined attacker could potentially manipulate these numbers by buying services which would inflate the number of downloads and stars."

AquaSec also looked at the verified badge on VSCode Marketplace and concluded that it is meaningless as a trust signal: any publisher who owns a domain gets one, regardless of whether the domain has anything to do with the software project.

While the researchers only built a proof of concept, they also found actual malicious extensions in the store, named "API Generator Plugin" and "code tester".

Visual Studio Code is Microsoft's source-code editor, used by some 70% of professional software developers worldwide, according to BleepingComputer.
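The spoofing described above works because the only identity the Marketplace actually binds is the publisher.name identifier; the display name, logo, description, repository details and verified badge can all be copied or are unrelated to the project. The script below is an added example, not code from AquaSec, Microsoft or the original article. It audits locally installed extensions against a short allowlist of display names pinned to their genuine publisher IDs and flags an exact or near-identical display name shipped under a foreign publisher, plus publisher IDs that imitate a trusted one. It assumes VS Code's real on-disk layout (~/.vscode/extensions/<publisher>.<name>-<version>/package.json with publisher, name and displayName fields); the TRUSTED pins, the similarity thresholds, the function names and the sample manifests are illustrative and constructed for this example.

```python
"""Audit installed VS Code extensions for Marketplace display-name spoofing.

Added example, not AquaSec's or Microsoft's code. Assumes VS Code's on-disk
layout ~/.vscode/extensions/<publisher>.<name>-<version>/package.json. The
Marketplace enforces uniqueness only on <publisher>.<name>; displayName is free text.
"""
import difflib
import json
import os
from typing import Dict, List

# Pins maintained by the reader: normalised displayName -> the only publisher
# ID allowed to ship it. Illustrative entries; extend from your own inventory.
TRUSTED: Dict[str, str] = {
    "prettier - code formatter": "esbenp",
    "python": "ms-python",
    "eslint": "dbaeumer",
}
# difflib similarity thresholds (0..1), chosen for this example; tune them.
DISPLAY_NEAR = 0.90
PUBLISHER_NEAR = 0.80


def _norm(s: str) -> str:
    """Case-fold and collapse whitespace so cosmetic variants compare equal."""
    return " ".join(s.casefold().split())


def _ratio(a: str, b: str) -> float:
    return difflib.SequenceMatcher(None, a, b).ratio()


def check_extension(manifest: dict) -> List[str]:
    """Findings for one package.json; an empty list means nothing suspicious.

    Only the publisher ID is weighed against the pins: logo, description,
    repository details and the domain "verified" badge carry no weight here.
    """
    publisher = _norm(manifest.get("publisher", ""))
    name = manifest.get("name", "")
    display = _norm(manifest.get("displayName", name))
    ext_id = f"{manifest.get('publisher', '?')}.{name}"
    findings: List[str] = []

    # Rule 1: exact displayName of a pinned extension under another publisher
    # (the AquaSec experiment: same name, logo and description, different ID).
    if display in TRUSTED and publisher != TRUSTED[display]:
        findings.append(f"{ext_id}: displayName {display!r} is pinned to publisher "
                        f"{TRUSTED[display]!r} but this one is from {publisher!r}")

    warned_pubs = set()
    for known_display, known_pub in TRUSTED.items():
        # Rule 2: near-identical displayName (classic typosquat) from a stranger.
        if (display != known_display and publisher != known_pub
                and _ratio(display, known_display) >= DISPLAY_NEAR):
            findings.append(f"{ext_id}: displayName {display!r} is a near match "
                            f"for {known_display!r} ({known_pub})")
        # Rule 3: publisher ID that imitates a trusted one (ms-pyth0n, esbenq).
        if (publisher != known_pub and known_pub not in warned_pubs
                and _ratio(publisher, known_pub) >= PUBLISHER_NEAR):
            warned_pubs.add(known_pub)
            findings.append(f"{ext_id}: publisher {publisher!r} looks like {known_pub!r}")
    return findings


def audit_manifests(manifests: List[dict]) -> Dict[str, List[str]]:
    """Run check_extension over many manifests, keyed by extension ID."""
    report: Dict[str, List[str]] = {}
    for m in manifests:
        findings = check_extension(m)
        if findings:
            report[f"{m.get('publisher', '?')}.{m.get('name', '?')}"] = findings
    return report


def load_manifests(ext_root: str) -> List[dict]:
    """Read package.json from each extension directory under ext_root."""
    manifests: List[dict] = []
    if not os.path.isdir(ext_root):
        return manifests
    for entry in sorted(os.listdir(ext_root)):
        path = os.path.join(ext_root, entry, "package.json")
        if os.path.isfile(path):
            with open(path, encoding="utf-8") as fh:
                manifests.append(json.load(fh))
    return manifests


# Constructed sample manifests standing in for real package.json files.
SAMPLE_MANIFESTS = [
    {"publisher": "esbenp", "name": "prettier-vscode",
     "displayName": "Prettier - Code formatter"},   # genuine
    {"publisher": "prettier-team", "name": "prettier-vscode",
     "displayName": "Prettier - Code formatter"},   # rule 1: cloned name
    {"publisher": "fmt-tools", "name": "prettier",
     "displayName": "Prettier - Code formater"},    # rule 2: typosquat
    {"publisher": "ms-pyth0n", "name": "python",
     "displayName": "Python Tools"},                # rule 3: lookalike ID
    {"publisher": "hobbyist", "name": "my-snippets",
     "displayName": "My Hobby Snippets"},           # unrelated, clean
]

if __name__ == "__main__":
    installed = load_manifests(os.path.expanduser("~/.vscode/extensions"))
    for notes in audit_manifests(installed or SAMPLE_MANIFESTS).values():
        print("\n".join(notes))
```

Run it on a developer workstation and it walks the real extension directory; with no VS Code installed it falls back to the constructed samples, which exercise each rule once. The allowlist approach is deliberate: download counts and the verified badge are the signals the article shows to be buyable or meaningless, so the check trusts nothing but a publisher ID you pinned yourself.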
Because an extension runs inside the editor with the user's own privileges (VS Code has no sandbox or permission model for extensions), a malicious one can install additional programs, steal source code, or tamper with it in other ways from inside the VS Code IDE.

Via: BleepingComputer, https://www.bleepingcomputer.com/news/microsoft/vscode-marketplace-can-be-abused-to-host-malicious-extensions/

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he has written for numerous media outlets, including Al Jazeera Balkans. He has also held several modules on content writing for Represent Communications.

Read more: https://www.techradar.com/news/the-vscode-marketplace-is-pretty-easy-to-hack-with-malicious-extensions
Margarett Mcnaught