Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions.

Software supply chain security outfit ReversingLabs said it made the discovery after it identified a malicious extension named "ahbanC.shiba" that functioned similarly to two other extensions – ahban.shiba and ahban.cychelloworld – that were flagged earlier this March.

All three libraries are designed to act as a downloader to retrieve a PowerShell payload from an external server that encrypts files in a folder called "testShiba" on the victim's Windows desktop and demands a Shiba Inu token by depositing the assets to an unspecified wallet. These efforts suggest ongoing development attempts by the threat actor.

The comp

See Full Page