Developers using Microsoft’s Visual Studio Code (VSCode) editor are being warned to delete, or at least stay away from, 10 newly published extensions which will trigger the installation of a cryptominer.
The warning comes from researchers at Extension Total, who said possibly as many as 1 million of these malicious extensions, which pretend to be popular development tools, may have been installed since April 4, when they were published on Microsoft’s Visual Studio Code Marketplace. However, the researchers also suspect the threat actors may have inflated the download numbers.
Continue reading on CSO.