Visual Studio Code Has a Malicious Extension Problem


Cybersecurity researchers said an experiment in developing a fake, malicious extension for the world’s most popular integrated development environment succeeded beyond their wildest expectations.

Researchers Amit Assaraf, Itay Kruk, and Idan Dardikman uploaded an extension to Visual Studio Code, Microsoft's source code editing platform, that masqueraded as “Dracula Official,” a color theme that has recorded nearly 7.2 million installs.

Assaraf and company named their theme “Darcula Official.”

Extensions are an important feature of VSCode – the idea is for developers to turn their instance of VSCode into a customizable editor with the features they want beyond the bare-bones functionality provided out of the box.