- Researchers found 24 malicious extensions on the Visual Studio Marketplace and the Open VSX Registry that deployed Lumma Stealer and other malware
- Attackers targeted cryptocurrency holders and developers, and removed extensions were quickly replaced with new ones
- Open source extension platforms remain attractive targets due to their popularity and the ease of distributing malware through them
Cybercriminals are again targeting cryptocurrency holders and developers by smuggling infostealers onto open source coding platforms.
Last week, BleepingComputer reported that researchers discovered two dozen malicious extensions on the Visual Studio Marketplace and the Open VSX Registry.
The Visual Studio Marketplace and the Open VSX Registry are both platforms for distributing extensions. The former is Microsoft-owned and used in Visual Studio and Visual Studio Code, while the latter is a vendor-neutral, open source alternative designed for VS Code-compatible editors such as Eclipse Theia, Gitpod, SAP Business Application Studio and others.
WhiteCobra targeted software devs
The attack was discovered by cybersecurity researchers at Koi, as well as by one of the victims, a very skilled, experienced Ethereum editor named Zak Cole.
The researchers determined that there were at least 24 malicious extensions on the platforms, and that those removed were quickly replaced with new ones. When installed on a Windows device, the extensions would drop Lumma Stealer on the compromised computer.
Lumma is a well-known infostealer capable of grabbing passwords and payment information stored in the browser, and of exfiltrating sensitive files, session cookies and cryptocurrency wallet information.
On Macs, the payload comes in the form of a Mach-O binary that executes locally and loads an unknown piece of malware.
The researchers call the threat actor WhiteCobra.
Open source software repositories are popular targets for cybercriminals because they enable malware distribution in a myriad of ways, especially on popular platforms such as the Visual Studio Marketplace and the Open VSX Registry. The former, for example, is extremely popular with developers who use Visual Studio and VS Code, as it hosts more than 48,000 extensions that are closely integrated with Microsoft products.
The Open VSX Registry, on the other hand, is gaining momentum, especially in open source and enterprise environments that use VS Code-compatible editors such as Eclipse Theia, Gitpod and SAP Business Application Studio. It hosts nearly 3,000 extensions from more than 1,500 publishers, with more than two million monthly downloads.
Via BleepingComputer



