Malicious VSCode Extensions Compromise Developer Data, Impact Over 1.5M Users

By Ashok Varma

A serious security threat has been uncovered in the Visual Studio Code Marketplace, with two extensions, collectively installed over 1.5 million times, found to be exfiltrating sensitive developer data to servers in China. This discovery highlights a significant vulnerability for developers who integrate third-party extensions into their development workflows. The compromised extensions, identified by security researchers, are designed to steal credentials, browser information, and even cryptocurrency wallet details.

The attack begins when a user installs or updates a seemingly legitimate extension. Once active, the extension deploys malicious scripts capable of accessing critical files, including environment variables containing tokens like NPM_TOKEN and GITHUB_TOKEN, and browser databases. Some instances have shown extensions creating local proxies or enabling hidden desktop sharing.

Security experts caution that attackers exploit trusted marketplaces and automatic update features to rapidly distribute malicious code. "Malicious VS Code extensions are being used to steal developer credentials, target crypto assets, and even stage hands-on-keyboard access through IDEs," stated…
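
A defensive triage sketch for the exposure described above, added here as an example and not taken from the article or the researchers: it inventories installed extensions from their `package.json` manifests, flags those that activate at startup, and reports which secret-looking environment variable names the IDE process inherits. The `SECRET_HINTS` list and the default `~/.vscode/extensions` location are assumptions.

```python
import json
import os
from pathlib import Path

# Assumption: substrings that mark a variable as a secret.
# The article names NPM_TOKEN and GITHUB_TOKEN; the rest are illustrative.
SECRET_HINTS = ("TOKEN", "SECRET", "PASSWORD", "API_KEY")
# Activation events that start an extension without any user action.
EAGER_EVENTS = {"*", "onStartupFinished"}


def exposed_secrets(env):
    """Names (never values) of variables every extension host process inherits."""
    return sorted(k for k in env if any(h in k.upper() for h in SECRET_HINTS))


def audit_extensions(ext_dir):
    """Summarise each installed extension from its package.json manifest."""
    report = []
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
            if not isinstance(meta, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            # A manifest that cannot be parsed deserves a manual look.
            report.append({"id": manifest.parent.name, "error": "unreadable manifest"})
            continue
        events = meta.get("activationEvents") or []
        report.append({
            "id": f"{meta.get('publisher', '?')}.{meta.get('name', '?')}",
            "version": meta.get("version", "?"),
            # An entry point means the extension ships executable code.
            "runs_code": "main" in meta or "browser" in meta,
            # Triage hint only: an empty list does not prove the code never runs.
            "eager": sorted(EAGER_EVENTS.intersection(events)),
        })
    return report


if __name__ == "__main__":
    # Assumed default per-user install location for VS Code desktop.
    for ext in audit_extensions(Path.home() / ".vscode" / "extensions"):
        print(ext)
    print("secret names visible to the IDE:", exposed_secrets(os.environ))
```

Any name reported by `exposed_secrets` is readable by every extension that runs code, so launching the IDE from a shell without long-lived tokens exported reduces what a malicious update can collect.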