The Hacker News

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware, giving attackers persistent remote ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

Fake Moltbot AI assistant just spreads malware - so watch out for scams

Moltbot doesn't have a VSCode extension - you're downloading malware instead ...
GIGAZINE

A report that a fake VSCode extension was created and downloaded and that a flaw in the VSCode extension system that makes it easy to insert malicious code was also revealed

Microsoft's text editor 'Visual Studio Code (VSCode)' allows you to add functions and customize the appearance by introducing extensions. Security researchers released 'fake extensions that insert ...
Visual Studio Magazine

Private Preview of GitHub Copilot Extensions Customizes AI Coding Assistance

GitHub introduced Copilot Extensions, providing customized AI assistance by integrating tools from partners like DataStax, Docker and Microsoft Azure directly into the Copilot interface. Announced as ...
Bleeping Computer

Malicious crypto-stealing VSCode extensions resurface on OpenVSX

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...
InfoWorld

Threat actors are spreading malicious extensions via VS marketplaces

Careless developers publishing Visual Studio extensions to two open marketplaces have been including access tokens and other secrets that can be exploited by threat actors, a security vendor has found ...
Cybernews

Spyware disguised as ChatGPT is harvesting data from 1.5M VS Code developers

Fake AI coding assistants for VS Code, disguised as ChatGPT extensions, infected over 1.5 million developers with spyware.
TechRadar

Developers targeted by malicious Microsoft VSCode extensions

Reversing Labs and Assaraf discover campaign targeting software and web3 devs Multiple packages were hiding weaponized code that deploys stage-two malware The malicious intent was very difficult to ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors continue to probe Visual Studio Code's extension ecosystem, and a late November incident shows how quickly a trusted developer tool can be turned into a supply chain beachhead. In a ...