The Hacker News

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Researchers uncover SleepyDuck RAT hidden in VSX extension, using Ethereum contracts to control infected hosts.

Fake Solidity VSCode extension on Open VSX backdoors developers

A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel ...
Bleeping Computer

Malicious crypto-stealing VSCode extensions resurface on OpenVSX

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...
heise online

Dangerous and invisible worm found in Visual Studio Code extensions

For a few days now, a supply chain attack has been running through the Visual Studio Code marketplaces. Both Microsoft's Marketplace and the alternative Open-VSX marketplace of the Eclipse Foundation ...
XDA Developers on MSN

7 VS Code extensions that make me a better developer

The Jupyter extension brings Jupyter Notebook functionality into VS Code. It lets you create, open, and edit .ipynb files ...
IT News For Australia Business

Hidden "Glassworm" malware spreads through infected VS Code extensions

A new malware worm campaign has infected multiple Microsoft Visual Studio Code extensions using invisible Unicode characters to hide malicious code from both reviewers and security tools, security ...