The Latest Supply Chain Attack Vector Targets Visual Studio Marketplace


Share post:

Researchers from Aqua Security have discovered that supply chain attacks are being carried out by hackers using Visual Studio Marketplace.

Researchers found that attackers could pose as well-known VS Code extensions to lure developers into downloading malicious versions, according to a recent report. The majority of developers (about 74.48 percent) use VS Code, making it the most widely used IDE. Part of what makes VS Code so popular is the enormous selection of extensions that are readily available. The researchers raise issues with the verification process as well.

Also read: How No-code Product Designs Are Becoming a Trend for Developers

Developers would anticipate that a blue checkmark would be displayed for authors who have been confirmed to be who they claim to be, but instead it is simply displayed to indicate that the publisher has established domain ownership.

TalkDev Bureau
TalkDev Bureau
The TalkDev Bureau has five well-trained writers and journalists, well versed in B2B enterprise technology industry, and constantly in touch with industry leaders for the latest trends, opinions, and other inputs- to bring you the best and latest in the domain.


Please enter your comment!
Please enter your name here


Related articles

Understanding and Implementing AI and ML Algorithms for Developers

Large language models have dominated the news cycle, but numerous types of machine learning and deep learning with...

HitPaw Unveils Photo Enhancer v2.3.0 with Advanced Features

HitPaw, a digital solutions provider, declares the release of HitPaw Photo Enhancer with advanced features that elevates the...

Asana Declares Human-Centric AI Features for Collaborative Work Management

Asana announced its most recent product capabilities centered on Gen-AI. Adding AI capabilities core to Asana's work management...

Appy Pie Launches Free ChatGPT Plugin for Seamless App Creation

Appy Pie, a leading no-code app development platform, has announced the launch of its GPT-4 powered ChatGPT plugin...