Malicious Pull Request Compromises Popular VS Code Extension Ethcode, Impacting 6,000 Developers

TL;DR

Cybersecurity experts have identified a supply chain attack on the Ethcode VS Code extension, affecting over 6,000 developers. The attack exploited a malicious pull request on GitHub, highlighting the critical need for vigilance in open-source projects.

Introduction

Cybersecurity researchers have flagged a significant supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode. The extension, installed over 6,000 times, was compromised via a malicious pull request on GitHub, underscoring the vulnerabilities in open-source software supply chains.

Key Details

Attack Overview

• Target: Ethcode, a VS Code extension used by developers.
• Compromise Date: June 17, 2025.
• Method: A malicious pull request opened by a user named Airez299.
• Initial Release: Ethcode was first released by 7finney in 2022.

Impact

The compromise of Ethcode has far-reaching implications:

• Affected Users: Over 6,000 developers who installed the extension.
• Potential Risks: Possible data breaches, unauthorized access, and further malware distribution.

Response and Mitigation

• Detection: The attack was identified by ReversingLabs, a leading cybersecurity firm.
• Mitigation Steps: Developers are advised to remove the compromised extension and monitor their systems for any unusual activity.

Conclusion

The Ethcode compromise serves as a stark reminder of the risks associated with open-source software supply chains. Developers and organizations must remain vigilant and implement robust security measures to protect against such threats.

For more details, visit the full article: Source