• Skydancer
      ↑ 12 · 5 months ago

      Except their summary is wrong. The researchers went on to search other extensions for known malicious code, and found it in thousands of extensions with tens of millions of total installs.

      • Kuinox@lemmy.world
        ↑ 1 ↓ 5 · 5 months ago

        I hoped people here would notice that their “malicious code” detection is totally bogus when the malicious code highlighted hit a local IP address.

        • Skydancer
          ↑ 2 · 5 months ago

          Good point. That was in the “static IP” category and not counted in the 200+ million install “malicious code” category, though. It could be a warning sign of false positives, but the example was such a small snippet it could also be opening after a VPN is established. That example was supposedly part of code that opens a connection for shell access from the other end, but without more details it’s not really possible to say.

          • Kuinox@lemmy.world
            ↑ 1 ↓ 2 · 5 months ago

            Tons of devtools summon cmd.exe and do networking. Their claim is that more than 10% of the VS Code marketplace is malicious packages (I just divided the number of extensions they say are malicious by the number of extensions).
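
An added illustration of the false-positive question raised in this thread (not code from the researchers or from any commenter): a static "hard-coded IP" check becomes easier to triage when each address is classified by scope, so loopback and private-network targets are ranked below routable ones rather than counted the same. The function names, priority labels and sample snippets are assumptions constructed for this example.

```python
import ipaddress
import re

# Candidate dotted quads; ipaddress does the real validation.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Ranges that never leave the host or the local network.
LOCAL_SCOPES = [
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("unspecified", ipaddress.ip_network("0.0.0.0/32")),
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
    ("private", ipaddress.ip_network("10.0.0.0/8")),
    ("private", ipaddress.ip_network("172.16.0.0/12")),
    ("private", ipaddress.ip_network("192.168.0.0/16")),
]

def classify_ip(text):
    """Return the scope of an IPv4 literal, or None if it is not a valid address."""
    try:
        ip = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return None  # e.g. "999.0.1.2", which is a version string, not an address
    for scope, net in LOCAL_SCOPES:
        if ip in net:
            return scope
    return "routable"

def triage(source):
    """List (ip, scope, priority) for every hard-coded IPv4 literal in source."""
    findings = []
    for literal in IPV4_RE.findall(source):
        scope = classify_ip(literal)
        if scope is None:
            continue
        # Local targets are not cleared, only ranked below routable ones.
        priority = "review" if scope == "routable" else "low"
        findings.append((literal, scope, priority))
    return findings

# Constructed snippets (hypothetical, not taken from any real extension).
SAMPLES = {
    "dev-server-helper": 'fetch("http://127.0.0.1:3000/reload")',
    "lan-debugger": 'net.connect(9229, "192.168.1.20")',
    "remote-connector": 'net.connect(4444, "203.0.113.7")  // TEST-NET-3 stand-in',
    "version-string": 'const build = "999.0.1.2"',
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, triage(src))
```

A "low" result only lowers review priority; as noted in the thread, a private address can still be the far end of a tunnel, so the surrounding code decides the verdict.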