- Researchers found 24 malicious extensions in the Visual Studio Marketplace and Open VSX Registry that deliver Lumma Stealer and another piece of malware
- The attack targeted cryptocurrency holders and developers, with compromised extensions quickly replaced after removal
- Open source extension platforms remain attractive targets due to their popularity and the ease of distributing malware through them
Cybercriminals are once again targeting cryptocurrency holders and developers, smuggling infostealers into open source code repositories.
Last week, BleepingComputer reported that researchers discovered two dozen malicious extensions in the Visual Studio Marketplace and the Open VSX Registry.
Visual Studio Marketplace and Open VSX Registry are platforms for distributing extensions. The first is owned by Microsoft and is used in Visual Studio and Visual Studio Code, while the second is a vendor-neutral, open source alternative designed for VS Code-compatible editors such as Eclipse Theia, Gitpod, SAP Application Studio and others.
WhiteCobra targets software developers
The attack was spotted by cybersecurity researchers at Koi, as well as by one of the victims, Zak Cole, a highly trained and experienced Ethereum developer.
The researchers determined that there were at least 24 malicious extensions on the platforms, and those that were removed were quickly replaced by new ones. When installed on a Windows device, the extensions would deploy Lumma Stealer on the compromised computer.
Lumma is a known infostealer capable of stealing passwords and payment information stored in the browser, and of exfiltrating confidential files, session cookies and cryptocurrency wallet information.
On Macs, the payload comes in the form of a Mach-O binary that runs locally and loads a piece of unknown malware.
The researchers call the threat actor WhiteCobra.
Open source software repositories are popular targets for cybercriminals, since they allow malware to be distributed at scale, especially on popular platforms such as Visual Studio Marketplace and the Open VSX Registry. The first, for example, is extremely popular among developers who use Visual Studio and VS Code, since it hosts more than 48,000 extensions that are closely integrated with Microsoft products.
Open VSX Registry, on the other hand, is gaining momentum, especially in business and open source environments that use VS Code-compatible editors such as Eclipse Theia, Gitpod and SAP Business Application Studio. It hosts almost 3,000 extensions from more than 1,500 publishers, with more than two million monthly downloads.
Via BleepingComputer