Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

VSCode Pulls Extensions Over Security Risk

February 27, 2025
Reading Time: 2 mins read
in Alerts
PolarEdge Botnet Targets Cisco ASUS QNAP

Microsoft has removed two popular VSCode extensions, “Material Theme – Free” and “Material Theme Icons – Free,” due to security risks, after researchers discovered malicious code within them. The extensions had been downloaded nearly 9 million times, with users receiving alerts that the extensions had been disabled automatically within VSCode. The extensions’ developer, Mattia Astorino, known by the username “equinusocio,” had multiple extensions on the marketplace, collectively amassing over 13 million installs. The suspicious activity was first flagged by cybersecurity researchers Amit Assaraf and Itay Kruk, who specialized in scanning VSCode extensions for malicious code.

The researchers found suspicious and heavily obfuscated JavaScript in the extension’s code, raising red flags about its intent.

The malicious code was particularly concerning because themes in VSCode should be static JSON files, not ones capable of executing any code. The obfuscation of the code suggested that it could be hiding malicious activity. After analyzing the extensions, Microsoft removed them from the marketplace and banned the developer, stating that the actions had nothing to do with copyright issues, but were based solely on malicious intent and potential harm to users.

The researchers speculated that the malicious code might have been introduced during an update to the extensions, potentially via a supply chain attack or a compromised developer account.

They also noted that the code was found in a file called “release-notes.js,” which was intended to show the update release notes, but it contained references to usernames and passwords. Despite the obfuscation, the researchers couldn’t determine the exact nature of the information being referenced. Microsoft assured the public that further details would be provided via the VSMarketplace GitHub repository.

In response, Astorino defended the extensions, claiming that the malicious behavior was due to an outdated dependency from Sanity.io, a headless CMS service. He explained that the dependency had been in use since 2016, and he had not updated it since.

Astorino stated that he had not been contacted by Microsoft before the removal of his extensions and that the issue could have been fixed quickly if he had been informed. However, as Microsoft continues to investigate the situation, users are advised to remove the extensions from their projects as a precaution.

Reference:
  • Microsoft Removes Popular VSCode Extensions Over Security Risks
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityFebruary 2025
ADVERTISEMENT

Related Posts

Ransomware Hits Ohio Union County

MacOS XCSSET Variant Hits Firefox

September 29, 2025
Ransomware Hits Ohio Union County

Akira Ransomware Beats SonicWall VPN MFA

September 29, 2025
Ransomware Hits Ohio Union County

UK NCSC Warns Of Cisco Firewall Exploits

September 29, 2025
Fake PyPI Login Site Steals Credentials

Fake PyPI Login Site Steals Credentials

September 26, 2025
Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

September 26, 2025
Fake PyPI Login Site Steals Credentials

Hidden WordPress Backdoors Create Admins

September 26, 2025

Latest Alerts

MacOS XCSSET Variant Hits Firefox

Akira Ransomware Beats SonicWall VPN MFA

UK NCSC Warns Of Cisco Firewall Exploits

Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

Hidden WordPress Backdoors Create Admins

Subscribe to our newsletter

    Latest Incidents

    Medusa Ransomware Hits Comcast Data

    Ransomware Hits Ohio Union County

    DataCenter Fire Shuts South Korea Sites

    Indian Bank Transfer Records Exposed

    Chinese Cyberspies Hit US Defense Firms

    Neon App Shuts Down After Data Leak

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial