A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.
  • KazuyaDarklight@lemmy.worldEnglish
    14·
    21 days ago

    “A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to “infect” over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.”

    • towerful@programming.devEnglish
      2·
      21 days ago

      The plugin is called “Darcula Official” btw.

      There is a more generic theme (for multiple applications) called Dracula.
      JetBrains IDE has a theme called Darcula, and there are vscode themes on the marketplace that implement this.

      So, it’s more than just a typosquat