BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

VS Code Marketplace Loophole Lets Hackers Reuse Malicious Extension Names

  • Researchers found that removed extension names on the Visual Studio Code Marketplace can be reused by anyone, opening a new attack vector.
  • Malicious extensions have been discovered, including some that demand cryptocurrency for file decryption.
  • The loophole allows threat actors to reuse names previously linked to removed or malicious extensions, posing supply chain risks.
  • Similar vulnerabilities exist in other repositories, such as PyPI, but with additional safeguards not present in Visual Studio Code.
  • Eight dangerous npm packages have been identified, capable of stealing browser data and transmitting it to external servers.

Researchers at ReversingLabs have identified a security loophole within the Visual Studio Code (VS Code) Marketplace that lets anyone reuse the names of previously removed extensions. This means attackers can upload malicious extensions with the same name as those that were previously deleted.

- Advertisement -

According to ReversingLabs, the discovery happened when they spotted a harmful extension named “ahbanC.shiba.” This extension behaves like older ones, such as ahban.shiba and ahban.cychelloworld, which were flagged in March. These extensions download a PowerShell script that targets files in a Windows “testShiba” folder and requests payment in Shiba Inu tokens sent to an unspecified wallet, effectively functioning as Ransomware.

Researchers found that while each extension on the VS Code Marketplace needs a unique combination of publisher and extension names, the platform allows reuse of an extension name once it has been deleted from the repository. Researcher Lucija Valentić explained, “The discovery of this loophole exposes a new threat: that the name of any removed extension can be reused, and by anyone. That means that if some legitimate and very popular extension is removed, its name is up for grabs.”

The same issue has appeared in other open-source repositories like Python’s PyPI, where removed package names can be registered by a new user. However, PyPI has a rule that prevents reusing names associated with previously known malicious packages. The Visual Studio Code documentation doesn’t have such a safeguard, increasing the risk of supply chain attacks.

Attacks involving popular development tools are rising. Recent leaks from Black Basta, a ransomware group, show discussions about using open-source package confusion for ransomware attacks. In addition, JFrog researchers have discovered eight malicious npm packages that can exfiltrate sensitive data like passwords and cryptocurrency information from Chrome browsers to remote servers. These packages include toolkdvv, react-sxt, react-typex, react-typexs, react-sdk-solana, react-native-control, revshare-sdk-api, and revshare-sdk-apii.

- Advertisement -

These npm packages use deeply layered, obfuscated code to hide Python Malware that can steal user information. JFrog researcher Guy Korolevski said, “The impact of sophisticated multi-layer campaigns designed to evade traditional security and steal sensitive data highlights the importance of having visibility across the entire software supply chain with rigorous automated scanning and a single source of truth for all software components.”

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Must Read

7 Best NFT Marketplaces for Every Need

Open Sea | Pianity | Foundation | Magic Eden | SuperRare | Rarible | Theta Drop | Other Platforms | About NFTs | FAQ...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading