VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

Summary: Two malicious extensions that deploy early-stage ransomware were discovered in the Visual Studio Code Marketplace and quickly removed. The ransomware encrypts files in a specific folder and demands payment in ShibaCoin, which indicates that it is still under development. Additionally, typosquatting in Maven has been reported, which aims to trick developers into using malicious packages.

Affected: Visual Studio Code Marketplace, Maven Central Repository

Key points:

  • Two malicious VSCode extensions named “ahban.shiba” and “ahban.cychelloworld” were found to deploy ransomware.
  • The ransomware encrypts files in a folder named “testShiba” and demands a payment without providing proper wallet details.
  • A malicious Maven package exemplifies typosquatting, impersonating a legitimate OAuth library to harvest credentials.
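
To check a workstation for the two extension IDs named above, the following added example (not from the source article) scans VS Code extension folders and reports matches by folder name or by manifest. The helper names and the default folder locations are assumptions; adjust the paths for your environment.

```python
import json
import re
from pathlib import Path

# Extension IDs named in the key points above (publisher.name), lower-cased.
FLAGGED_IDS = {"ahban.shiba", "ahban.cychelloworld"}
# Installed folders are named publisher.name-version, optionally with a platform suffix.
FOLDER_RE = re.compile(r"^(?P<id>[^.]+\.[^.]+?)-\d+\.\d+\.\d+")


def candidate_ids(ext_dir):
    """Return every 'publisher.name' this folder claims, from its name and its manifest."""
    ids = set()
    match = FOLDER_RE.match(ext_dir.name)
    if match:
        ids.add(match.group("id").lower())
    try:
        meta = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
        if isinstance(meta, dict):
            pub, name = meta.get("publisher"), meta.get("name")
            if isinstance(pub, str) and isinstance(name, str):
                ids.add(f"{pub}.{name}".lower())
    except (OSError, ValueError):
        pass  # missing or malformed manifest: rely on the folder name only
    return ids


def find_flagged(roots):
    """Return (extension_id, folder_path) for each flagged extension under the given roots."""
    hits = []
    for root in map(Path, roots):
        if not root.is_dir():
            continue  # this VS Code flavour is not installed for the user
        for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
            for ext_id in sorted(candidate_ids(ext_dir) & FLAGGED_IDS):
                hits.append((ext_id, str(ext_dir)))
    return hits


if __name__ == "__main__":
    home = Path.home()
    # Assumed default locations for local and remote (SSH/WSL) installs.
    roots = [home / ".vscode" / "extensions", home / ".vscode-server" / "extensions"]
    found = find_flagged(roots)
    for ext_id, path in found:
        print(f"FLAGGED {ext_id}: {path}")
    if not found:
        print("No flagged extension IDs found.")
```

Checking the manifest as well as the folder name catches a copy whose folder was renamed after installation.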

Source: https://thehackernews.com/2025/03/vscode-marketplace-removes-two.html