vs code2 articles
A Poisoned VS Code Extension Just Breached 3,800 GitHub Repositories
GitHub has confirmed that approximately 3,800 internal repositories were compromised after an employee installed a malicious VS Code extension, which was subsequently removed from the VS Code Marketplace and the affected device secured. The hacker group TeamPCP has claimed responsibility, advertising the stolen data on a cybercrime forum for at least $50,000, though GitHub states there is no evidence that customer data outside the breached repositories was affected. This incident is part of a broader pattern of malicious VS Code extensions targeting developers, with TeamPCP also previously linked to supply chain attacks on platforms including PyPI, NPM, and Docker.
One Dodgy VS Code Extension Later, GitHub Lost 3,800 Internal Repos
GitHub confirmed that approximately 3,800 internal repositories were compromised in a supply chain attack carried out by the hacking group TeamPCP, after an employee installed a malicious VS Code extension on their machine. The attackers claimed to have stolen source code and internal data, offering it for sale for at least $50,000 on an underground forum. GitHub responded by rotating critical credentials and launching an investigation, noting that the attack highlights the significant security risk posed by unvetted developer tools and extensions.