After downloading the source code, the researchers added their own code and copied all the marketing resources.
The team was able to publish their harmful extension within just 30 minutes.
The researchers chose not to disclose the names of the affected companies.
2,304 are using another publisher's GitHub repo as their official listed repository, suggesting copycat extensions.
This issue poses a direct threat to organizations and deserves the security community's attention, the researchers warned.
The researchers responsibly reported all the malicious extensions they detected to Microsoft and requested that they be removed.
As of writing this article, many malicious extensions remain available for download via the VSCode Marketplace.
source: www.techworm.net