Malicious pull request infects VS Code extension
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A VS Code extension for Ethereum smart contract development, ETHcode, was compromised through a GitHub pull request. The attacker, using a newly created account, submitted a PR that introduced a malicious dependency and code to execute it. The compromise was subtle, involving only two lines of code changes among thousands. The malicious code downloads and runs a batch script from a public file-hosting service, potentially to steal crypto assets or compromise Ethereum contracts. The extension, with nearly 6,000 installs, was removed from the marketplace after discovery. This incident highlights the importance of carefully reviewing contributions, especially from new accounts, and scrutinizing package dependencies in software development workflows.
OPENCTI LABELS:
github,supply chain attack,vs code,ethereum,javascript obfuscation,ethcode,keythereum-utils,pull request
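The summary's point about scrutinizing package dependencies can be turned into a review check. The following is an added example, not code from ETHcode or the original report: it compares a pull request's `package.json` with the base branch and lists every dependency change, so that a two-line addition is surfaced on its own instead of being read among thousands of other lines. The function name, the sample manifests and their version numbers are constructed for illustration; only the added dependency name comes from the labels above.

```javascript
// Added example: diff a PR's package.json against the base branch and list each
// dependency change that needs a human look before merge.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare']; // npm lifecycle scripts
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function reviewManifestChange(baseJson, headJson) {
  const base = JSON.parse(baseJson);
  const head = JSON.parse(headJson);
  const findings = [];
  const baseNames = DEP_FIELDS.flatMap((f) => Object.keys(base[f] || {}));
  for (const field of DEP_FIELDS) {
    const before = base[field] || {};
    const after = head[field] || {};
    for (const [name, spec] of Object.entries(after)) {
      if (!own(before, name)) {
        // A new name that extends (or is extended by) an existing one needs extra scrutiny.
        const lookalike = baseNames.find((b) => b !== name && (name.startsWith(b) || b.startsWith(name)));
        findings.push({ kind: 'added', field, name, spec, lookalike: lookalike || null });
      } else if (before[name] !== spec) {
        findings.push({ kind: 'changed', field, name, from: before[name], to: spec });
      }
      // New or changed specs that bypass the registry (URL, git, GitHub shorthand, local path).
      if (before[name] !== spec && /^(https?:|git[+:]|github:|file:)|\//.test(spec)) {
        findings.push({ kind: 'non-registry', field, name, spec });
      }
    }
  }
  for (const hook of INSTALL_HOOKS) {
    const was = (base.scripts || {})[hook];
    const now = (head.scripts || {})[hook];
    if (now && now !== was) findings.push({ kind: 'install-hook', hook, script: now });
  }
  return findings;
}

// Constructed sample manifests (package versions invented for illustration).
// The added name is the dependency listed in this report's labels.
const SAMPLE_BASE = JSON.stringify({
  dependencies: { keythereum: '^1.2.0', axios: '^0.21.1' },
  scripts: { compile: 'tsc -p ./' },
});
const SAMPLE_HEAD = JSON.stringify({
  dependencies: { keythereum: '^1.2.0', axios: '^0.21.1', 'keythereum-utils': '^1.2.1' },
  scripts: { compile: 'tsc -p ./' },
});
console.log(reviewManifestChange(SAMPLE_BASE, SAMPLE_HEAD));
```

Run as a required CI step on pull requests, a non-empty result can block the merge until a maintainer has checked the flagged package's publisher, age and contents.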