<ul><li>Software developers, especially those working on web3 and cryptocurrency projects, are being targeted in a brand new software supply chain attack.</li><li>Malicious Visual Studio Code extensions were found on the VSCode marketplace, designed to download hidden second-stage payloads from shady domains.</li><li>The campaign started in October 2024 and involved heavily obfuscated files as part of the malicious packages.</li><li>Developers are advised to be cautious when downloading software packages and not to trust without verifying.</li></ul>

Developers targeted by malicious Microsoft VSCode extensions

Discover more