A new playground: Malicious campaigns proliferate from VSCode to npm
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
This intelligence details the emergence of malicious campaigns spreading from VSCode to npm. Researchers observed an increasing amount of malicious activity in the VSCode Marketplace, with threat actors using npm packages to inject malicious code into the VSCode IDE. The campaign initially targeted the crypto community but later expanded to impersonate the Zoom application. The malicious extensions contained downloader functionality and were obfuscated with JavaScript Obfuscator. The campaign then spread to npm with the package 'etherscancontracthandler'. The analysis highlights the importance of scrutinizing open source, third-party, and commercial code, as well as performing regular security assessments to prevent IDE compromises and protect the software supply chain.
OPENCTI LABELS:
downloader, crypto, obfuscation, software supply chain, npm, malicious extensions, zoom, vscode