Malicious VS Code Extension Uses Typosquatting to Deliver Multi-Stage Malware
2025-02-10

Researchers uncovered a malicious VS Code extension, `truffelvscode`, which typosquatted the popular `truffle` extension. This extension acts as a Trojan horse for multi-stage malware. The malware downloads and executes several stages of malicious code, ultimately installing and configuring the ScreenConnect remote access tool, granting attackers remote control of the compromised system. Obfuscation techniques were used to hide the malicious code, but researchers used deobfuscation and sandbox analysis to reveal the entire attack chain. This incident highlights the importance of caution when installing VS Code extensions and underscores the growing threat of software supply chain attacks.
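A defender-side check for the naming trick described above, as an added example that is not from the researchers' report: it flags installed extension names that sit within a small edit distance of names the team expects. The allowlist, the `examplepub` publisher, the sample IDs and the distance threshold are all assumptions.

```python
import re

# Assumption: names of extensions the team actually intends to install.
KNOWN_GOOD = {"truffle", "python", "prettier", "eslint"}
# Assumption: "vscode" is a filler prefix/suffix and is ignored when comparing.
AFFIX = re.compile(r"^vscode[-_]?|[-_]?vscode$")

def normalize(ext_id):
    """Reduce 'publisher.name' to a bare lowercase name without vscode affixes."""
    name = ext_id.lower().split(".")[-1]
    return AFFIX.sub("", name)

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "el" <-> "le" in truffel/truffle.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def find_lookalikes(installed, known=KNOWN_GOOD, max_dist=2):
    """Return (extension id, resembled name, distance) for near-miss names."""
    findings = []
    for ext_id in installed:
        name = normalize(ext_id)
        if name in known:
            continue  # exact name; the publisher still has to be checked separately
        for good in known:
            dist = osa_distance(name, good)
            if dist <= max_dist and len(good) > 3:
                findings.append((ext_id, good, dist))
    return sorted(findings)

# Constructed sample input in the 'publisher.name' form printed by
# `code --list-extensions`; the publisher "examplepub" is made up.
SAMPLE = ["examplepub.truffelvscode", "examplepub.truffle-vscode",
          "examplepub.pyhton", "examplepub.rust-analyzer"]

if __name__ == "__main__":
    for ext_id, good, dist in find_lookalikes(SAMPLE):
        print(f"REVIEW {ext_id}: resembles '{good}' (distance {dist})")
```

A hit means the name needs a manual look at publisher, install count and publish date before the extension is trusted; a clean result says nothing about an extension whose name is not a near miss.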