Skip to main content
Holiday Sale — Get 40% off Vantage for yourself or as a gift
Get Started
SubscribeLogin
Published loading...Updated

VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

Summary by The Hacker News
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a
DisclaimerThis story is only covered by news sources that have yet to be evaluated by the independent media monitoring agencies we use to assess the quality and reliability of news outlets on our platform. Learn more here.Cross Cancel Icon

2 Articles

unsafe.shunsafe.sh

2 extensions containing ransomware appeared in the VS Code store and have now been removed by Microsoft

Two extensions containing ransomware appeared in the Visual Studio Code store. After installation, they will automatically call PowerShell to download ransomware to encrypt the developer's data. However, these two extensions are still in the early stages of development and will only encrypt test folders, so no actual damage has been caused.

Read Full Article
The Hacker NewsThe Hacker News

VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • There is no tracked Bias information for the sources covering this story.

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

The Hacker News broke the news in on Monday, March 24, 2025.
Too Big Arrow Icon
Sources are mostly out of (0)
Blindspot Title And Logo
Stories disproportionately reported by the Left or the Right

Similar News Topics

Cyberattacks icon

Cyberattacks

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal