tuckner (@tuckner)
Followers: 2K | Following: 10K | Media: 646 | Statuses: 4K
Finding bad software extensions at https://t.co/dhLUjMRP1I
Kansas City, MO | Joined May 2008
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
thehackernews.com
AI-created VS Code malware and fake npm packages reveal how attackers exploit open-source trust.
Well-written piece on ransomvibing that made its way into the VS Code marketplace https://t.co/u7dWVJviXs
darkreading.com
A published VS Code extension didn't hide the fact that it encrypts and exfiltrates data and also failed to remove obvious signs it was AI-generated.
Extension marketplaces for browsers, code editors, MCP, and more are all designed for consumers and not businesses. They do not want to remove extensions if they don't have to. The risks an individual accepts are not the same as the risks your company does.
@PatrickAlphaC Please be aware that *all* the marketplaces are filled with malware; just follow @secureannex to see. Make sure you validate what they are _before_ you install!
Powerful new Detections are added to Secure Annex. These are already catching subtle exploits like Unicode extension names that evade other filters, manipulated download counts, and combinations of suspicious signatures in code.
GitHub and Google testing VS Marketplace security controls?! Glad to see the test attempts have moved on from actually installing a C2 to instead just popping calc. https://t.co/H8RWmR6Ezc
Another edition of "Guess the right Solidity". Two of these will compromise your machine the moment you hit install.
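The post above about the Secure Annex detections mentions Unicode extension names that slip past other filters, and the "Guess the right Solidity" post shows the same problem from the user's side: several listings whose names look identical. The following is an added example, not Secure Annex's code or anything from the posts, of the checks a reviewer can run on a candidate extension name before installing it: invisible format characters, non-NFKC forms such as fullwidth letters, mixed scripts, confusable (homoglyph) collisions with a known name, and one-edit typosquats. The allow-list KNOWN_NAMES, the CONFUSABLES subset and the sample candidate names are all constructed for this example; a real deployment would load the marketplace's own top names and Unicode's full confusables table.

```python
import unicodedata

# Constructed allow-list of well-known extension names to compare candidates against
# (assumption for this example; a real deployment would load the marketplace's top names).
KNOWN_NAMES = {"solidity", "prettier", "eslint"}

# Small constructed confusables table (Cyrillic/Greek letters that render like Latin ones).
# Unicode's confusables.txt is the complete source; this is a hand-picked subset.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0456": "i", "\u0455": "s", "\u0443": "y", "\u0445": "x",
    "\u03b9": "i", "\u03bf": "o", "\u03b1": "a", "\u217c": "l",
}


def is_format_char(ch):
    # Zero-width space/joiner, BOM, soft hyphen and friends are category Cf and render as nothing.
    return unicodedata.category(ch) == "Cf"


def skeleton(name):
    """Reduce a name to a comparison form: drop invisibles, fold compatibility
    variants (fullwidth, ligatures) with NFKC, map confusables to ASCII, casefold."""
    s = "".join(ch for ch in name if not is_format_char(ch))
    s = unicodedata.normalize("NFKC", s)
    s = "".join(CONFUSABLES.get(ch, ch) for ch in s)
    return s.casefold()


def levenshtein(a, b):
    """Plain edit distance, used to catch one-keystroke typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze(name):
    """Return a list of findings for one extension name; empty means the name itself is clean."""
    findings = []
    if any(is_format_char(ch) for ch in name):
        findings.append("invisible-format-chars")
    nfkc = unicodedata.normalize("NFKC", name)
    if nfkc != name:
        findings.append("non-nfkc-form")
    # Script of each letter, taken from the first word of its Unicode character name
    # (LATIN, CYRILLIC, GREEK, ...). Mixing scripts in one name is the classic homoglyph tell;
    # CJK names that embed a Latin word also trip this, so treat it as a triage signal, not a verdict.
    scripts = {unicodedata.name(ch, "?").split()[0] for ch in nfkc if ch.isalpha()}
    if len(scripts) > 1:
        findings.append("mixed-scripts:" + ",".join(sorted(scripts)))
    sk = skeleton(name)
    if sk != name.casefold() and sk in KNOWN_NAMES:
        # Looks exactly like a known name once invisibles/confusables are folded away.
        findings.append("lookalike-of:" + sk)
    else:
        for known in sorted(KNOWN_NAMES):
            if sk != known and levenshtein(sk, known) <= 1:
                findings.append("near-name-of:" + known)
    return findings


def triage(candidates):
    return {name: analyze(name) for name in candidates}


if __name__ == "__main__":
    # Constructed candidates: genuine name, Cyrillic-o homoglyph, fullwidth s, zero-width space, typo.
    sample = ["solidity", "s\u043elidity", "\uff53olidity", "solidity\u200b", "soliditty"]
    for name, result in triage(sample).items():
        print(repr(name), result)
```

The name check is deliberately separate from publisher identity and install counts: a clean name with a one-day-old publisher and a suspiciously round install count is still worth a look, and the post's download-count detection is not reproduced here.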
100% chance https://t.co/XNEFHNb3il
Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace https://t.co/mAMDvzVIf2
What are chances a 'fonts.js' file that is actually a macOS script which has variables like 'removedAsian' and is heavily encoded might just be malicious?
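The post above describes the three signals that make such a file stand out: a filename whose extension does not match its contents, a large encoded blob, and code that decodes and runs it. The following is an added example, not code from the post or from Secure Annex, of a static triage pass that scores those signals on a file from an extension package: it reads the shebang to learn the real interpreter and compares it with the filename extension, measures the Shannon entropy of every long quoted literal (base64 and hex blobs sit well above English or source text), and greps for decode-and-execute idioms on both the shell and JavaScript side. The two sample files, the payload (base64 of the bytes 0..255, not a real payload), the extension list and the 4.5-bit threshold are all constructed for this example.

```python
import base64
import math
import re

# Constructed sample: a shell script shipped under a JavaScript filename, with a long base64
# blob that is decoded and piped to a shell. The blob is base64 of bytes 0..255 (constructed
# data, not a real payload); the variable name mirrors the one the post mentions.
SAMPLE_PAYLOAD = base64.b64encode(bytes(range(256))).decode()
SAMPLE_FONTS_JS = f'''#!/bin/bash
removedAsian=0
blob="{SAMPLE_PAYLOAD}"
echo "$blob" | base64 --decode | bash
'''

# Constructed benign file for comparison.
BENIGN_FONTS_JS = '''// exports a font list, nothing else
const fonts = ["Inter", "Roboto", "JetBrains Mono"];
module.exports = { fonts };
'''

SHEBANG_RE = re.compile(r"^#!\s*/(?:usr/)?bin/(?:env\s+)?(bash|sh|zsh|osascript|python3?)\b")
# A quoted literal of 64+ characters on one line; (?!\1). refuses the opening quote so the
# match stops at the matching close quote and escaped characters are skipped over.
LONG_LITERAL_RE = re.compile(r"""(["'`])((?:\\.|(?!\1).){64,})\1""")
DECODE_EXEC_PATTERNS = [
    (r"\bbase64\s+(?:--decode|-d|-D)\b", "base64-decode"),   # GNU -d, BSD/macOS -D
    (r"\|\s*(?:ba|z)?sh\b", "pipe-to-shell"),
    (r"\bosascript\b", "osascript"),
    (r"\bxxd\s+-r\b", "xxd-reverse"),
    (r"\b(?:eval|Function)\s*\(", "js-eval"),
    (r"\batob\s*\(", "js-atob"),
    (r"String\.fromCharCode", "js-fromcharcode"),
]
# English prose and ordinary source sit around 4.0-4.3 bits per character; encoded blobs are higher.
ENTROPY_THRESHOLD_BITS = 4.5
# Filename extensions under which a shebang script has no business appearing (assumed list).
NON_SCRIPT_EXTENSIONS = {"js", "ts", "json", "css", "ttf", "woff", "png", "svg"}


def shannon_entropy(s):
    """Bits per character of the string's own symbol distribution."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def interpreter_of(text):
    """Interpreter named by a leading shebang, or None when there is none."""
    m = SHEBANG_RE.match(text)
    return m.group(1) if m else None


def analyze_file(filename, text):
    """Return a list of findings for one file from an extension package."""
    findings = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    interp = interpreter_of(text)
    if interp and ext in NON_SCRIPT_EXTENSIONS:
        findings.append(f"extension-mismatch:{ext}-file-with-{interp}-shebang")
    for m in LONG_LITERAL_RE.finditer(text):
        literal = m.group(2)
        h = shannon_entropy(literal)
        if h >= ENTROPY_THRESHOLD_BITS:
            findings.append(f"high-entropy-literal:{len(literal)}chars:{h:.2f}bits")
    for pattern, label in DECODE_EXEC_PATTERNS:
        if re.search(pattern, text):
            findings.append("decode-exec:" + label)
    return findings


if __name__ == "__main__":
    print("fonts.js (sample):", analyze_file("fonts.js", SAMPLE_FONTS_JS))
    print("fonts.js (benign):", analyze_file("fonts.js", BENIGN_FONTS_JS))
```

Any one of these findings alone is a weak signal (build tooling legitimately base64-decodes assets, and minified JS has long literals), which is why the pass reports all of them and leaves the verdict to the reviewer; a shebang under a .js name together with a decode-and-pipe-to-shell idiom is the combination that deserves a hard stop.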
Ridiculously cool that Tines is able to connect to MCP servers now. Understand entirely what any of the browser or code extensions you use might actually be doing with a simple ask. Orchestrate your extension review process or check if "Hello Kitty - You Glow Girl Cute Live