• Skydancer
    link
    fedilink
    arrow-up
    12
    ·
    5 months ago

    Except their summary is wrong. The researchers went on to search other extensions for known malicious code, and found it in thousands of extensions with tens of millions of total installs.

    • Kuinox@lemmy.world
      link
      fedilink
      arrow-up
      1
      arrow-down
      5
      ·
      5 months ago

      I hopped people here would notice that their “malicious code” detection is totally bogus when the malicious code highlighted hit a local IP address.

      • Skydancer
        link
        fedilink
        arrow-up
        2
        ·
        5 months ago

        Good point. That was in the “static IP” category and not counted in the 200+ million install “malicious code” category, though. It could be a warning sign of false positives, but the example was such a small snippet it could also be opening after a VPN is established. That example was supposedly part of code that opens a connection for shell access from the other end, but without more details it’s not really possible to say.

        • Kuinox@lemmy.world
          link
          fedilink
          arrow-up
          1
          arrow-down
          2
          ·
          5 months ago

          Tons of devtools summons cmd.exe and do networks. Their claim is that more than 10% of the vscode marketplate is malicious package (i just divided the number of extensions they says is malicious, by the number of extensions)