malicious-extension
-
Malicious VSCode extensions with 1.5 million installs exfiltrate developer data
Two malicious Visual Studio Code extensions installed about 1.5 million times read and transmit open files and workspace data to China based servers, the technical analysis by Koi Security reports.
-
Two Chrome extensions intercepted traffic and exfiltrated credentials, researchers say
Researchers reported two Chrome extensions named Phantom Shuttle that posed as VPN/speed-test tools but injected hard-coded proxy credentials, routed traffic through attacker-controlled proxies and exfiltrated user credentials and other sensitive data to a command-and-control server.
