- Researchers found 24 malicious extensions in Visual Studio Marketplace and Open VSX Registry deploying Lumma Stealer and other malware
- The attack targeted cryptocurrency holders and developers, with compromised extensions quickly replaced after removal
- Open-source extension platforms remain attractive targets due to their popularity and ease of malware distribution
Cybercriminals are once again targeting cryptocurrency holders and developers by smuggling infostealers into open-source code repositories.
Last week, BleepingComputer reported that researchers discovered two dozen malicious extensions in the Visual Studio Marketplace and the Open VSX Registry.
The Visual Studio Marketplace and the Open VSX Registry are both platforms for distributing extensions, with the former being Microsoft-owned and used in Visual Studio and Visual Studio Code, while the latter is a vendor-neutral, open-source alternative designed for VS Code-compatible editors like Eclipse Theia, Gitpod, SAP Business Application Studio, and others.
WhiteCobra targeting software devs
The attack was spotted by cybersecurity researchers at Koi, as well as by one of the victims, the highly skilled, experienced Ethereum editor Zak Cole.
The researchers determined that there were at least 24 malicious extensions on the platforms, and those that were removed were quickly replaced with new ones. The extensions, when installed on a Windows device, would deploy Lumma Stealer on the compromised computers.
Lumma is a known infostealer capable of grabbing passwords and payment information stored in the browser and exfiltrating sensitive files, session cookies, and cryptocurrency wallet information.
On Macs, the payload comes in the form of a Mach-O binary that executes locally and loads an unfamiliar piece of malware.
The researchers are calling the threat actor WhiteCobra.
Open-source software repositories are popular targets for cybercriminals, since they enable malware distribution in a myriad of ways, especially on popular platforms such as Visual Studio Marketplace and the Open VSX Registry. The former, for example, is extremely popular among developers using Visual Studio and VS Code, as it hosts more than 48,000 extensions that are tightly integrated with Microsoft products.
Open VSX Registry, on the other hand, is gaining momentum, especially in open-source and enterprise environments that use VS Code-compatible editors like Eclipse Theia, Gitpod, and SAP Business Application Studio. It hosts nearly 3,000 extensions from more than 1,500 publishers, with more than two million monthly downloads.
Via BleepingComputer