Vscode | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs , incorporate code that's designed to invoke a PowerShell command, which then grabs a PowerShell-script payload from a command-and-control (C2) server and executes it. The payload is suspected to be ransomware in early-stage development, only encrypting files in a folder called "testShiba" on the victim's Windows desktop. Once the files are encrypted, the PowerShell payload displays a message, stating "Your files have been encrypted. Pay 1 ShibaCoin to ShibaWallet to recover them." However, no other instructions or cryptocurrency wallet addresses are provided to the victims, anothe...

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node , are engineered to download a trojan and retrieve second-stage payloads, respectively. "While typosquatting attacks are hardly new, the effort spent by nefarious actors on these two libraries to pass them off as legitimate is noteworthy," Sonatype's Ax Sharma said in an analysis published Wednesday. "Furthermore, the high download counts for packages like "types-node" are signs that point to both some developers possibly falling for these typosquats, and threat actors artificially inflating these counts to boost the trustworthiness of their malicious components." The npm listing for @typescript_eslinter/eslint, Sonatype's analysis revealed, points to a phony GitHub repo...