Security Risks in VS Code Extensions: Ransomware, Cryptomining, and Supply Chain Threats

TL;DR Summary
Cybersecurity researchers discovered a vibe-coded malicious VS Code extension with built-in ransomware capabilities: it exfiltrates and encrypts files and uses GitHub as a command-and-control server. Additionally, 17 npm packages disguised as SDKs were found to stealthily deploy Vidar Stealer, highlighting ongoing supply chain threats in open-source ecosystems. Microsoft has removed the malicious extension from the marketplace; the incident underscores the importance of vigilance in software development.
- Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities (The Hacker News)
- AI-Slop ransomware test sneaks on to VS Code marketplace (BleepingComputer)
- VSCode Extension Secrets, RediShell, & Living-off-the-LLM (wiz.io)
- Cryptomining targeted by fake VSCode extensions (SC Media)
- AI-Created Malicious VS Code Extension and Trojanized npm Packages Raise New Supply Chain Security Concerns (CXO Digitalpulse)