Malicious VSCode Extensions: Password Theft and Remote Shell Exploits

20 May 2023
Check Point took the wraps off of three malicious Microsoft Visual Studio extensions on May 4, 2023, aimed at exploiting VSCode Marketplace visitors. These extensions named Theme Darcula dark, python-vscode, and prettiest java, were downloaded by Windows developers nearly 46,000 times. Actors could pilfer credentials, collect system information, and establish a remote shell on the victim's machine.