VSCode logo in a red vortex

Researchers have found it surprisingly easy to upload malicious Visual Studio Code extensions to the VSCode Marketplace, and discovered signs of threat actors already exploiting this weakness.

Visual Studio Code (VSC) is a source-code editor published by Microsoft and used by roughly 70% of professional software developers worldwide.

Microsoft also operates an extensions market for the IDE, called the VSCode Marketplace, which offers add-ons that extend the application’s functionality and provide more customization options.

Some of these extensions have tens of millions of downloads, so if there was an easy way to spoof them on the platform, malicious actors could quickly attain a respectable number of victims.

These extensions run with a users’ privileges on infected machines, and can be used to install additional programs, steal or tamper with source code in the VSCode IDE, and even use the developer’s SSH key to access connected GitHub repositories.

According to a new report by AquaSec, researchers have found its fairly easy to upload malicious extensions to Microsoft’s Visual Studio Code Marketplace, and have already found a few existing extensions that are very suspicious.

Distributing malicious extensions

As an experiment in uploading a malicious extension to the VSCode marketplace, the AquaSec team attempted to “typosquat” a popular code formatting extension named “Prettier,” which has over 27 million downloads.

However, when creating the extension, they found that they could reuse the real extension’s logo and description and give it the same name as the real extension.

The real extension (left) and fake extension (right)
The real extension (left) and fake extension (right) (AquaSec)

Apparently, publishers are allowed to use a property called ‘displayName,’ so the name of the add-on that appears on the market page doesn’t have to be unique.

Regarding the project details, which display GitHub stats, AquaSec found that this section is updated automatically from GitHub. However, the publisher can still edit the stats freely, so these can be modified to create the sense of an active project with a long history of development.

This didn’t allow the fake extension to be listed with the same number of downloads and have the same search ranking, but the researchers could replicate the legitimate extension’s GitHub project name, last commit times, pull requests, and open issues.

“However, over time an increasing pool of unknowing users will have downloaded our faux extension. As these figures grow, the extension will gain credibility,” explained the AquaSec researchers.

“Additionally, since in the dark web it is possible to purchase various services, an extremely determined attacker could potentially manipulate these numbers by buying services which would inflate the number of downloads and stars.”

Finally, the analysts discovered that the verification badge on the platform means next to nothing, as any publisher that has bought any domain gets the blue tick upon proving the domain ownership. The domain doesn’t even have to be relevant to the software project.

The proof-of-concept (PoC) extension created by AquaSec gained over 1,500 installations in under 48 hours, with the “victim” developers worldwide.

Map of developers who downloaded the fake extension
Map of developers who downloaded the fake extension (AquaSec)

Suspicious VSCode extensions already exist

AquaSec didn’t just prove it’s possible to mimic popular extensions on VSCode Marketplace but also found suspicious examples already uploaded to the marketplace.

Two of these extensions, named “API Generator Plugin” and “code-tester,” exhibited very concerning behavior, sending HTTP requests to the external robotnowai.top URL every 30 seconds and executing the response using the “eval()” function.

The code-tester code
Part of the ‘code-tester’ code (AquaSec)

This information exchange happened on HTTP, so it wasn’t even encrypted, and hence the developers’ traffic was subject to Man-in-the-Middle attacks.

The robotnowai.top domain was hosted on an IP address that has a long history of distributing malicious files according to VirusTotalVirusTotal, ranging from VBS and PowerShell scripts and Windows, Linux, and Android malware.

AquaSec reported both of these extensions to Microsoft, yet they remain on the marketplace at the time of this writing.

VSCode marketplace ripe for abuse

The researchers warn that while Visual Studio Code extensions have received little scrutiny by security researchers, threat actors are commonly looking for new methods to breach corporate networks.

“Ultimately, the threat of malicious VSCode extensions is real. Arguably, in the past, this hasn’t received the highest amount of attention perhaps because we haven’t yet seen a campaign in which it has left a huge impact,” concludes AquaSec’s report.

“However, attackers are constantly working to expand their arsenal of techniques allowing them to run malicious code inside the network of organizations.”

To make matters worse, AquaSec says that Microsoft also offers Visual Studio and Azure DevOps extension marketplaces that appear vulnerable to malicious extensions as well.

With threat actors commonly performing malicious typosquatting campaigns on other package repositories, such as NPM and PyPi, it would not be surprising to turn their focus on Microsoft marketplaces in the future.

Due to this, code developers using VSCode extensions are advised to remain vigilant and scrutinize their add-ons extensively before installing them on production machines.

Source: www.bleepingcomputer.com