
Hi - Isidor here from the VS Code team.

A member of the community did a deep security analysis of the extension and found multiple red flags that indicate malicious intent and reported this to us. Our security researchers at Microsoft confirmed these claims and found additional suspicious code.

We banned the publisher from the VS Marketplace, removed all of their extensions and uninstalled them from all VS Code instances that have this extension running. For clarity - the removal had nothing to do with copyright/licenses, only with potential malicious intent.

Expect an announcement here with more details soon https://github.com/microsoft/vsmarketplace/

As a reminder, the VS Marketplace continuously invests in security. More about extension runtime trust can be found in this article https://code.visualstudio.com/docs/editor/extension-runtime-...

Thank you!



Letting you know that VSCode is unable to uninstall the extension. It prompts me to uninstall, but when I confirm the window refreshes and the extension is still there, triggering the same "is problematic" prompt. This is an infinite loop. Same behavior when trying to uninstall the usual way from the extensions panel.

I had to manually delete the extension's folder in %USERPROFILE%\.vscode\extensions and delete the entry from the json (%USERPROFILE%\.vscode\extensions\extensions.json).

VSCode 1.97.2, commit e54c774e0add60467559eb0d1e229c6452cf8447
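The manual cleanup described above (delete the extension folder, then remove its entry from extensions.json) as a script. This is an added example, not VS Code's own tooling and not code from the commenter. It assumes the layout the comment describes: one folder per extension under ~/.vscode/extensions (%USERPROFILE%\.vscode\extensions on Windows) plus an extensions.json array whose entries carry an "identifier.id" of the form "publisher.name" and a "relativeLocation" folder name; those field names are assumptions about the file format. The publisher name "example-publisher" and the sample directory in build_sample_dir() are constructed. Close VS Code before running it against a real profile.

```python
"""Remove every installed VS Code extension from one publisher: delete the
extension folders and prune the matching entries from extensions.json.

Added example, not VS Code's own code. Field names "identifier.id" and
"relativeLocation" are assumptions about the extensions.json format; the
sample data below is constructed.
"""
import json
import shutil
import tempfile
from pathlib import Path


def default_extensions_dir() -> Path:
    """~/.vscode/extensions; on Windows Path.home() is %USERPROFILE%."""
    return Path.home() / ".vscode" / "extensions"


def purge_publisher(ext_dir: Path, publisher: str) -> list[str]:
    """Delete every extension whose id is '<publisher>.<anything>' and return
    the ids still listed in extensions.json afterwards."""
    ext_dir = ext_dir.resolve()
    prefix = publisher.lower() + "."
    manifest = ext_dir / "extensions.json"
    entries = json.loads(manifest.read_text(encoding="utf-8")) if manifest.exists() else []

    keep, drop = [], []
    for entry in entries:
        ext_id = str(entry.get("identifier", {}).get("id", "")).lower()
        (drop if ext_id.startswith(prefix) else keep).append(entry)

    for entry in drop:
        folder = entry.get("relativeLocation")
        if not folder:
            continue
        target = (ext_dir / folder).resolve()
        # Never follow a manifest entry that points outside the extensions dir.
        if target.is_relative_to(ext_dir) and target.is_dir():
            shutil.rmtree(target)

    # Folders on disk but absent from the manifest (e.g. left behind by the
    # failed uninstall described above) are matched by name as well.
    for child in ext_dir.iterdir():
        if child.is_dir() and child.name.lower().startswith(prefix):
            shutil.rmtree(child)

    manifest.write_text(json.dumps(keep, indent=2), encoding="utf-8")
    return [str(e.get("identifier", {}).get("id", "")) for e in keep]


def build_sample_dir(root: Path) -> Path:
    """Constructed sample profile: one hypothetical bad publisher, one other."""
    ext_dir = root / "extensions"
    ext_dir.mkdir()
    sample = [
        {"identifier": {"id": "example-publisher.some-theme"}, "version": "3.4.0",
         "relativeLocation": "example-publisher.some-theme-3.4.0"},
        {"identifier": {"id": "ms-python.python"}, "version": "2025.0.0",
         "relativeLocation": "ms-python.python-2025.0.0"},
    ]
    for e in sample:
        (ext_dir / e["relativeLocation"]).mkdir()
        (ext_dir / e["relativeLocation"] / "package.json").write_text("{}", encoding="utf-8")
    (ext_dir / "extensions.json").write_text(json.dumps(sample), encoding="utf-8")
    return ext_dir


def demo() -> tuple[list[str], list[str]]:
    """Run the purge on the constructed profile; returns (ids kept, folders left)."""
    with tempfile.TemporaryDirectory() as tmp:
        ext_dir = build_sample_dir(Path(tmp))
        remaining = purge_publisher(ext_dir, "example-publisher")
        folders = sorted(p.name for p in ext_dir.iterdir() if p.is_dir())
        return remaining, folders


if __name__ == "__main__":
    print(demo())
```

To run it for real, call purge_publisher(default_extensions_dir(), "<publisher>") with the publisher id taken from the Marketplace URL; the resolve()/is_relative_to check keeps a tampered manifest entry from pointing the delete at a folder outside the extensions directory.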


Thank you for letting us know. We are investigating.


Any update on this? I am not directly impacted, but am unsure about others in my company. Assuming that they may be:

* Any specifics on the (potential) impact for affected users?

* What they should do to get it removed?

Edit: There does seem to be a little bit more information available over at Bleeping Computer[1], but the precise nature of what the malware does is unclear at this time other than that it may be some type of "supply chain attack". It would be good to hear more about the specifics.

1: https://www.bleepingcomputer.com/news/security/vscode-extens...


It is my understanding that the VSCode team uninstalled this from the marketplace service, as in, it was remotely uninstalled. I just opened my VSCode on an old laptop that had extensions from this actor and everything under his publishing account got removed.


Thank you man, I was going nuts here trying to uninstall this crap but was unable to.


Help me square this circle:

> A member of the community did a deep security analysis of the extension and found multiple red flags that indicate malicious intent and reported this to us.

> As a reminder, the VS Marketplace continuously invests in security

If you’re relying on the community to alert you to the issues in the marketplace, perhaps you’re not investing enough in auditing popular extensions yourself?

I would also suggest that the trust model for VSCode is fundamentally broken - you’re running arbitrary third party code on client machines without any form of sandboxing. This is a level of security you would not deploy into Azure, so why is “run arbitrary 3p code on someone else’s machine” appropriate for VSCode?

While I appreciate the work that the VSCode team does and I use it, the lack of any form of sandboxing has always bothered me.


PSA: every package you install from any package manager from browser extensions to npm/composer etc presents the risk of malware. Because the open source community lacks the financial resources to vet every single version of every package. Demanding this level of security from software provided at no cost that relies on open contributions is wholly unreasonable. If you need that, buy an IDE from a company financially capable of ensuring security and accept the limitations of their offering.

Mitigations like running in a VM might protect your dev workstation. But not code you put into production that relies on third parties.


> Demanding this level of security from software provided at no cost that relies on open contributions is wholly unreasonable

VS Code isn't some kind of hobby project by a couple of dudes on laptops with nothing but the best interests of the community at heart. It's a flagship IDE produced by one of the most valuable tech companies in the world, released for free as a loss leader in service to very specific corporate goals.

When a tech behemoth releases a free IDE as a loss leader and it drives out all of the scrappy open source projects one by one, I think it's reasonable to hold that tech behemoth to tech behemoth standards rather than scrappy open source project standards.


> VS Code isn't some kind of hobby project by a couple of dudes on laptops with nothing but the best interests of the community at heart.

Which is why I'm pretty confident in first party packages and don't install third party plugins from random authors.


> I think it's reasonable to hold that tech behemoth to tech behemoth standards

You’d end up with Apple-style reviews and then people complaining about them. You can’t really win.


The marketplace isn't operated on a paid contract for vetted extensions. You vet the extensions you use. Most don't, and it's ok. Don't shift the blame and the cost on microsoft though, they don't have to offer it.


Yet Mozilla, for all the flak it gets, isn't paid a dime by its users, but does find resources to vet the most popular extensions. Everything I use is checked by them.

Raymond Hill (of ublock fame) wasn't really impressed with how it is performed, but it's still much better than nothing (which is what MS apparently does).

VSCode is an IDE in name only, it's a glorified text editor, and a pretty mediocre one at that. The I in "IDE" stands for "integrated", like what you'd expect from JetBrains' products. Or even the real Visual Studio.


What functionality or property makes JetBrains' products an IDE while VSCode isn't? Honest question, I've never used any of their products.


Paid JetBrains user here. What JetBrains gives you is self-implemented add-ons in their marketplace. These are perceived to have the same level of trust as the base product. Then there is the similar level of “might be malware” or “steal your infoware” from (possibly adapted) open source and third parties available on their marketplace.


As an example: Rider (https://www.jetbrains.com/rider/) - an IDE - comes with everything you could possibly need to build and compile .NET apps out of the box, while VSCode - a code editor - relies on extensions (and thus mostly the community surrounding VSCode) for this.

Or to make things more succinct:

* VSCode is an extendable code editor (like vim, neovim, Zed and Sublime)

* Jetbrains Rider is a fully equipped Integrated Development Environment (like Microsoft Visual Studio or its direct sibling Jetbrains IntelliJ IDEA)

And while extensions are optional within an IDE (and often solely used for increased productivity), more often than not they are a necessity in a code editor to even become productive.


I'm a big JetBrains fan, but this distinction is just silly. If you look at the way that JetBrains IDEs are packaged, the differences between IDEs all come down to extensions—which are enabled by default, which are available to install at all. IntelliJ Ultimate can be made to have all the features of PyCharm with the right extension combo. And occasionally they break out a new IDE by taking an extension and making it no longer available for installation elsewhere (like RustRover). The entire architecture is one of plugins.

"Integrated" isn't meant to contrast with a plugin-based system (otherwise JetBrains wouldn't count!), it's meant to contrast with a dev environment built out of a bunch of individual tools and terminal commands run separately.


Good point. In the old days, if someone had Eclipse but installed plugins for a language other than Java, we wouldn't suddenly downgrade Eclipse to a text editor.


Apples to oranges or should I say Advertising Revenue vs. Freemium Revenue models


>Everything I use is checked by them.

How do you know that?


> Because the open source community lacks the financial resources to vet every single version of every package.

I made the point elsewhere, but this seems to fail in the face of Debian and Red Hat and Canonical who have been publishing mostly-secure distros of exclusively open source software for decades now.

There's a reason why MS and NPM get caught by this sort of shenanigans, but it's not "open source".


Because the attack surface is smaller and more difficult to extract value out of. I think it’s been shown time and time again the more motivated your attacker the more difficult it is to defend and very visible popular platforms see more attacks. NPM and MS represent drastically larger platforms.


Uh... no. There is far (far) more code[1] shipped in the package repository of any Linux distro than in all the world's vscode extensions. Are you being serious? NPM arguably gets a little closer, but only a little.

No, the reason Linux is safe and modern distributors aren't is the "packaging" step. Debian volunteers package software that they understand to be high quality via existing community consensus. You can't just show up to Fedora and say "ship my junkware app", you need to convince the existing community that your stuff doesn't suck.

And that's worked extremely well for decades now, going all the way back to 2BSD being shipped above V7 Unix. The reason MS and NPM et al. abandoned it isn't just pure experience[2]. They don't want to wait for their repos to fill with good software, they want all the software in it now so that they don't get beaten by whoever their competitors are.

And this is the inevitable result. If you allow anyone to distribute software to your users then you allow everyone to distribute software to your users. And everyone includes a lot of bad people.

[1] With vastly more capability! The distro ships everything from firmware blobs and kernel drivers up through browser glitz and desktop customization. Talk about "attack surface"!


Remember, when we're triggered our reading comprehension goes down and we confuse emotion for facts. Did I say they ship more/less code? No, first I was talking about the user base size and the economic incentives for malicious users.

For the most popular package:

Debian: ~253K installs per month [1]

NPM: ~236M installs per month [2]

VSCode: ~158M installs total [3]

Obviously VSCode is hard to compare, but the most popular Debian package would need 52 years to achieve the total VSCode numbers so I'm sure it's safe to say VSCode beats Debian significantly on installs and NPM wins even more convincingly.

Ok, but let's take a look at how much code is shipping which was your metric:

Debian: 242k submissions per month for amd64 [4]

NPM: ~50k new non-spam packages per month, ~800k new version submissions per month [5]

VSCode: No data available

I don't know how VSCode compares, but clearly NPM beats Debian, which makes sense because of how open it is and, more importantly, how many orders of magnitude more JS developers there are than Linux developers, and how much more frequently they update their packages because the overhead for creating a submission is lower.

It's really easy to forget that the number of JS developers or people using IDEs is much larger than the number of Linux users. So NPM still beats Debian on this front. As for the security assumption and how good a job maintainers are doing, I'm not so sure on that either. The xz utils backdoor into SSH was found by a Microsoft employee (i.e. the community) not by Debian maintainers. It's not hard to imagine that the lack of notable security issues (particularly attempts recorded) actually indicates very little review, not that there's a higher bar because the maintainers are more talented or have better incentives for "reasons" - there's a reason Chrome was perceived as having better security than IE (it did - architecture was better) and STILL they see regular successful attacks bypassing all the mitigations.

Again, to reiterate in case the above got you triggered again - NPM & VScode have significantly more users than Debian and that creates economic incentives for attackers. The capabilities of a vulnerability matter less unless you're a state actor because capabilities do not track economic results as strongly. This has so much evidence it shouldn't even need this kind of explanation. Remember when people said that Mac had better security? Well turns out Apple is dealing with all the same vulnerability and spam issues on a closed down system when their popularity went up; again, economic incentives.

[1] https://popcon.debian.org/main/by_inst

[2] https://www.npmjs.com/package/lodash

[3] https://marketplace.visualstudio.com/items?itemName=ms-pytho...

[4] https://popcon.debian.org/

[5] https://blog.sandworm.dev/state-of-npm-2023-the-overview


The "triggered" bit is just flaming. Please stop that.

But I'm not following how you get from popularity numbers to "attack surface". The latter is a term of art that reflects the amount of complexity on the "outside" of a software system that can be interacted with by an attacker. It correlates well with "amount of code". I don't see that it has any relation at all to number of installs.


I originally used attack surface imprecisely in terms of how many people you compromise with a single vulnerability. In other words the economic value of the attack. But also in the formal term of art, it's still true that NPM has a larger attack surface with many more weak points than something like Debian has. VSCode is trickier since it's a single application, so may not be from that perspective. However, it is basically running Chrome so it is still quite a large attack surface area.

But sure, let's use "amount of code" as a proxy. Debian has ~123GiB of source code [1] across ~65k packages [2] while NPM has 74 GiB [3] if I'm reading it correctly (other sources say 128 GiB) across 3.3 M packages [4]. Given that JS requires less code than C for equivalent functionality (due to a richer runtime & no memory management), any way you slice it, NPM is a much larger attack surface both in terms of number of opportunities and how valuable the attack is.

[1] https://www.debian.org/mirror/size

[2] https://www.debian.org/doc/manuals/debian-faq/basic-defs.en....

[3] https://replicate.npmjs.com/

[4] https://en.wikipedia.org/wiki/Npm#Registry


It presents a risk sure. But your browser sandboxes those extensions. VSCode runs extensions with the same permissions that VSCode itself has.


You do realize this is Microsoft we're talking about here? Not merely a couple dudes in their bedroom doing this in their spare time? I guarantee you that a non-zero percentage of the code in VSCode was paid for.


Who ever paid to use the extensions marketplace?


I meant on the development side, not that end users paid for anything.


Then why should end users expect anything? Microsoft is already paying for developers.


Then they can pay those developers to sandbox vscode extensions at the very least. I like using vscode sometimes but I'm sure as shit not going to use it if my work bans installing extensions due to security risks.


> You do realize this is Microsoft we're talking about here?

Fiscal responsibility: required

> Not merely a couple dudes in their bedroom doing this in their spare time?

Fiscal responsibility: optional

I would also point out, the malware-infested extension we are talking about presents more as the “two guys in a bedroom” model (though possibly a state-sponsored actor).


I was going to point out this weird part of their comment too.

Reminder that the Open-VSX extension registry exists: https://open-vsx.org

Idk if they removed the malicious theme (or if they have it at all), but if MS isn't doing anything beyond just responding to user reports, you might as well switch to an open registry that probably does the same level of security work, and avoid giving them yet another monopoly.


Remember, this is Microsoft! A friend told me of a fairly major corporate firm that found MSFT had arbitrarily pushed an AI tool to run on their SharePoint, scooping up site data outside of any formal agreement to do so. MSFT are no doubt covered by a general agreement but this seems underhand/inept and yet a remarkably common flaw in their approach (I've seen similar behaviour with Teams apps)


> If you’re relying on the community to alert you to the issues in the marketplace, perhaps you’re not investing enough in auditing popular extensions yourself?

I think that's sort of unfair. Of course MS should be relying on the community! That's arguably the best single practice for detecting these kinds of attacks in open source code. Objectively it works rather better even than walled garden environments like the iOS/Android apps stores (which have to be paired with extensive app-level sandboxing and permissions management, something that editor extensions can't use by definition).

The reference case for best practice here is actually the big Linux distros. Red Hat and Canonical and Debian have a long, long track record of shipping secure software. And they did it not on the back of extensive in-house auditing but by relying on the broader community to pre-validate a list of valuable/useful/secure/recommended software which they can then "package".

MS's flaw here, which is shared by NPM and PyPI et al., is that they want to be a package repository without embracing that kind of upstream community validation. Software authors can walk right in and start distributing junk even though no one's ever heard of them. That has to stop. We need to get back to "we only distribute stuff other people are already using".


I think you missed the part where I’m asking why the extensions aren’t sandboxed whereas they do invest into sandboxing when it comes to renting out their own machines in the cloud. Even browsers try to do sandboxing of extensions. It’s a jarring disconnect and VSCode is well beyond the prototype stage at mass adoption - the lack of sandboxing is confusing and worrying.


> you’re running arbitrary third party code on client machines without any form of sandboxing. This is a level of security you would not deploy into Azure, so why is “run arbitrary 3p code on someone else’s machine” appropriate for VSCode?

More and more, I am starting to think I need to run my development environment (for both work and personal projects) in a VM.

I am on MacOS, so UTM or Parallels would work pretty well I think. Sadly, I think my work explicitly forbids us from running VMs or accessing our services from them.


VSCode in the cloud would be great. GitHub tried something similar with GitHub.dev; I haven't tried it in a while but it didn't feel quite ready at the time, maybe things have changed.


Try https://vscode.dev

You can append a Github repo to the URL to open it: https://vscode.dev/https://github.com/facebook/react


Lmao why should they have to spend money auditing random 3rd party extensions that you choose to install? VSC is free, we're not paying for it.


> Help me square this circle

Sure. As a general rule, you get what you pay for.


You might need to chase down reuploads, too.

https://marketplace.visualstudio.com/items?itemName=t3dotgg....


Thanks. Our security researchers will review this today and we might take it down. We reached out to the new author and he does not have malicious intent, and agreed that we just take down the new extension if we see something is off.


> We reached out to the new author and he does not have malicious intent

Because he said so?


The maintainer goes into more detail here: https://news.ycombinator.com/item?id=43182156


This is an older pinned version from before the license and malware stuff started going down, afaik.

https://youtu.be/3wz7YF2as-c


Maybe point to the actual reupload instead? https://marketplace.visualstudio.com/items?itemName=fanny.vs...


Wild how its github page (1 commit, 1 hour ago) has already 885 forks and 11.2K stars to mislead people

https://github.com/Fanny-Theme/fanny-theme-support


> Expect an announcement here with more details soon https://github.com/microsoft/vsmarketplace/

Hi Isidor, excited for this! At Open VSX, we'd love to take a look and potentially flag the extension as malicious on our side as well. Are you aware of the version range that the malicious code was included in? I'm asking because https://open-vsx.org does not have any version published since the extension went closed-source.


The extension file is still available to download directly from MS.[0]

I downloaded the file and unzipped it, but on a cursory glance I only see obfuscated code, nothing malicious.

[0]: !!!WARNING MAY BE MALICIOUS!!! https://marketplace.visualstudio.com/_apis/public/gallery/pu...


Obfuscated code is malicious, even in case it's harmless.


Then never download an Android app, they're obfuscated by default.


Obfuscating Javascript is entirely unnecessary: it signals that the author thinks that they have something to hide.

At the very least, the author has delusional notions about the greatness of their source code and they worry about piracy, meaning that there is a high probability of stupid bugs and that they would be difficult to notice because of the obfuscation.

Of course in this case the default assumption should be that there is something malicious to hide.


False positives suck, and it hurts when it happens.

The publisher account for Material Theme and Material Theme Icons (Equinusocio) was mistakenly flagged and has now been restored. In the interest of safety, we moved fast and we messed up. We removed these themes because they fired off multiple malware detection indicators inside Microsoft, and our investigation came to the wrong conclusion. We care deeply about the security of the VS Code ecosystem, and acted quickly to protect our users.

I understand the "Equinusocio" extension author's frustration and intense reaction, and we hear you. It's bad but sometimes things like this happen. We do our best - we're humans, and we hope to move on from this. We will clarify our policy on obfuscated code and we will update our scanners and investigation process to reduce the likelihood of another event like this. These extensions are safe and have been restored for the VS Code community to enjoy.

LINKS: Material Theme https://marketplace.visualstudio.com/items?itemName=Equinuso... Material Theme Icons https://marketplace.visualstudio.com/items?itemName=Equinuso...

Again, we apologize that the author got caught up in the blast radius and we look forward to their future themes and extensions. We've corresponded with him to make these amends and thanked him for his patience.

Scott Hanselman and the Visual Studio Code Marketplace Team - @shanselman


Is it possible for you to add color theme/icon theme/keymap only extensions, without any executable code? I think it will improve the security situation a bit. I don't see why the mentioned kinds of extensions should have any code.


This is really confusing to me. The original discussion was about changing licenses, but somehow (coincidentally?) there was malicious code discovered shortly after? Are these related?


It's a common theme:

- build an open-source thing

- wait till thousands or millions of people are using it

- change the license and close down the source

- implement malicious code

- push an update

- profit! you now have your malware running on millions of systems


Should be added that the malicious part is often done by a third party that takes over an open source project when the original developer doesn't have the time/energy/money to maintain their open source/free work. Many Chrome extensions end up being sold for thousands or just hundreds of dollars because there's no money in them and the dev isn't all that interested.

Society as a whole could easily avoid this by funding open source/free utilities to the point where malware makers need to spend significant cash to outbid yearly community support, but unfortunately maintaining anything available online for free is a thankless job that barely covers the electricity required to maintain the code.

In this case too, the developers behind the theme seemed to want to monetise their work, which had attained almost 4 million installs, in the past, but found themselves with a rather unwilling customer base. I don't know if they snapped and uploaded something malicious or if they're intentionally making it hard for forks to copy their work, but either way the lesson learned is that if you want to make money you should just abandon your free projects and start something else.


Every time piracy or Youtube ads come up, HNers grandstand on how they don't even pay a dime to the content creators making the hundreds of hours of videos they watch.

GGs if you want a buck for the VSCode theme you made.


I proudly block ads while giving directly to the people that make the stuff I like.

I know I'm in the minority, but I block ads because of memetic hygiene. I don't want to deprive artists but I'm not sitting through adslop for a podcaster's sake.


With Youtube at least, you can buy Youtube premium, so you don't have to sit through Youtube ads without needing an ad blocker (though you'll still have to sit through any ads the Youtuber directly adds into the video itself).

Disclosure: I work at Google.


I use Youtube Premium, plus an ad blocker, plus an extension that removes shorts, plus an extension that skips sponsored segments.

Soon, I'm going to need an extension that removes the AI stuff I don't want and didn't ask for.

Using youtube in 2025 is exhausting.


Does the ad blocker do anything on Youtube since you have premium? It'll of course do things on other sites, but I'm wondering if it has any impact on Youtube.


Yes. It removes ad elements that Google / Youtube don't consider to be ads, like channel stores and that sort of stuff.


Care to share these extensions?


Ad block: https://ublockorigin.com/

Skipping sponsored sections: https://sponsor.ajay.app/

Remove shorts: https://addons.mozilla.org/en-US/firefox/addon/remove-youtub...

Return dislike: https://www.returnyoutubedislike.com/

Forgot to mention returning the dislike in my original comment.

At least I can use these extensions and get something resembling the service I want to pay for.


Bless you, appreciate the sauce.


At £12/month YT Premium feels rather expensive for what we'd get out of it (though we have considered it for our Dad who uses it for music and train videos a lot) compared to other subscription services.

Also note that while it takes away the ads, it does nothing about the stalking (which bothers me much more than the adverts themselves) the results from which will be used to serve ads if you cancel in future (and in any case may be made available, directly or otherwise, to third parties, unless that part of the terms has changed).


US prices:

Netflix 1080p: $18/mo. Netflix 4k: $25/mo. No annual plan.

Youtube Premium, which offers 4k, is $14/mo, or $120/yr for the annual plan (which averages to $12/mo).

UK prices:

Netflix 1080p: £13/mo. Netflix 4k: £19/mo. No annual plan.

Youtube Premium: £12/mo. No annual plan.

It's interesting how Youtube Premium's discount over Netflix is smaller in the UK than in the US, and how Youtube Premium lacks an annual plan in the UK.

>Also note that while it takes away the ads, it does nothing about the stalking

Does an ad blocker change that?


> > Also note that while it takes away the ads, it does nothing about the stalking

> Does an ad blocker change that?

In many places, yes. Youtube? Less so, but it depends on which blocker(s) are in play.

A DNS based blocker won't help completely as some of the ad/track related requests are coming from their main domain or sub-domains that are used for other things so can't be blocked wholescale. It will block JS and other resources pulling from *.doubleclick.net though.

A browser/add-on based blocker may do much better by being able to more selectively block resources that are tracking related. It will also be able to block data passed via embedded videos in other sites. They can, and probably do, still track based on what you are actually watching via requests to the main domain; no ad blocker can do much about that without blocking the whole site.


When it comes to embedded videos, that reminds me of youtube-nocookie.com. If the website does an embed using youtube-nocookie.com, that prevents, I believe, what is being described as "stalking".

>The Privacy Enhanced Mode of the YouTube embedded player prevents the use of views of embedded YouTube content from influencing the viewer’s browsing experience on YouTube. This means that the view of a video shown in the Privacy Enhanced Mode of the embedded player will not be used to personalize the YouTube browsing experience, either within your Privacy Enhanced Mode embedded player or in the viewer’s subsequent YouTube viewing experience.

>If ads are served on a video shown in the Privacy Enhanced Mode of the embedded player, those ads will likewise be non-personalized. In addition, the view of a video shown in the Privacy Enhanced Mode of the embedded player will not be used to personalize advertising shown to the viewer outside of your site or app.

https://support.google.com/youtube/answer/171780?hl=en#zippy...


I fundamentally disagree with making money from ads. I have no problem giving money to people who make things.


Copyright abolitionists are more than happy to embrace no one ever making money off of "software" again.


> Society as a whole

As long as we won't have to pay 2 USD for an extension!


The closing down step is optional. Just don’t build on a public CI, and inject malicious code in your builds, xz-style.


Are you contending that's what happened here? This is not a leading question, I genuinely do not know and am trying to learn more.


yup, many mobile app developers do this (inject any SDK that'd pay them) too. Doesn't need to be open source, though


Mobile app devs are often scum, but no need to single them out.

Plenty of bait-and-switch out there: free apps later turned freemium, or malicious.


This is a good description of the problem. I'm not sure why it's been downvoted, except that "common" is overstating it a bit.


reminds me of mx player on android (nova launcher also?)


Hey! Isn't that the Microsoft business model? Doesn't MS control VS Code? (google microsoft antitrust).


Can you please clarify whether the fork also suffers from the same security issues (or engage the fork's owner to ensure that it doesn't https://github.com/t3dotgg/vsc-material-but-i-wont-sue-you)


Hi, owner of the fork here.

I did a thorough combing of the code base when I forked. Just did another audit and still not seeing anything suspicious. Gutting all of the opencollective and changelog code to be 1000% sure.


Hi. Please do not replace the original author's copyright notice in the LICENSE file. That is a violation of the Apache License.

You could instead "append" your name to the copyright notice though, which is legal.

https://github.com/t3dotgg/vsc-material-but-i-wont-sue-you/c...


The only potential risk was the use of sanity to render a changelog. I didn't want to risk it, so I gutted that and a ton of other stuff. Just published a new, stripped down version.

https://github.com/t3dotgg/vsc-material-but-i-wont-sue-you/p...


Ok, but did you remove something that explicitly appeared malicious? This is a key detail that I am not seeing in your comments or commit messages.


That's covered by

> I did a thorough combing of the code base when I forked. Just did another audit and still not seeing anything suspicious.


Thanks for flagging it. Our security researchers will analize it and based on their findings we might remove this one as well.


s/analize/analyze/g


s/g/


So is there any proof of the malicious code?

The extension file is still available to download directly from MS.[0] (Which, why if you pull it from users are you still allowing downloads first of all.)

I downloaded the file, and unzipped it. On a cursory glance I see obfuscated code but zero "red flag" level code, has anyone seen the malicious code claimed?

[0]: !!!WARNING CLAIMED TO BE MALICIOUS!!! https://marketplace.visualstudio.com/_apis/public/gallery/pu...


Will Microsoft consider adding a permission model for extensions?


This is tracked in this feature request https://github.com/microsoft/vscode/issues/52116

We do not plan to add a permission model in the next 6 months.


> We do not plan to add a permission model in the next 6 months.

I guess Copilot functionality trumps "Security above all else" now.

https://blogs.microsoft.com/blog/2024/05/03/prioritizing-sec...


Yeah, the vscode release notes used to be lists of interesting new things and novel improvements.

Now they are all “copilot” “features”.


TBH, no criticism on the developers, but the VS Code release notes haven't been interesting or relevant to how I used the editor for years. I think I checked out when they added a terminal client to it and it dominated the release notes for ages.

AI features are one of the bigger innovations in editors in years, I fully understand the enthusiasm, especially given it can be linked to an earnings model. That said, before AI stuff I would've expected them to push integration with GitHub and Azure more.


This is why I use Emacs and it's why I didn't stop using Emacs when Sublime Text II, then Atom, then VSCode became popular.

When Microsoft gets bored of VSCode or forces you to only do AI "vibe coding", Emacs will still be there.

New version just came out. The release notes were full of good things.


Well, I used Emacs for 15-20 years. It has problems of its own -- mostly that it is effectively locked into an antediluvian view of how editors work, and that to use it effectively you end up maintaining large and complex configuration files.

I still use it for some things, but what we really need is a new, different edition of Emacs that has the same basic architecture but a more modern take on all the stuff that dates from the 1980s.


It's not "a problem," it's a difference in philosophy. Sure, VSCode comes accessible out of the box with minimal configuration needed and a GUI-first settings interface. But that comes with its own price - your config is more restricted in what you can do and fragmented across json files, settings menus, and extension options.

In contrast, with Emacs I can change any behavior of any function and command - built-in or third-party with amazing granularity. I can change specific parts of a function without rewriting it, and I don't even need to save that - I can just write a piece of Elisp in a scratch buffer, evaluate it, and test it out immediately.

Also, you are completely wrong with your notion that Emacs is outdated. Modern Emacs tools allow you to do things in a way no other editors let you - you can control video playback, read and annotate PDFs, search through your browser history, and automate things with LLMs.

Not to mention that a problem similar to the one being discussed in the thread would never happen in the Emacs world - nobody would ever get to publish a package with obfuscated Elisp code in it. You will always have full control over the code you download to use.


Yeah, I'm not wrong. Its terminology is antique.

As for the rest, been there and done that, but then you have to invest in your knowledge of Elisp, which has zero other benefits.


> Its terminology is antique

git uses "plumbing" and "porcelain" commands, referring to Victorian-era plumbing systems. Adobe and other publishing tools use terms like "slug", "gutter", "folio", "pica". Debugging tools use terms like "trap", "dump", "patch". You're annoyed with what Emacs calls "window" and "frame"? And what about Tmux's "pane" and "window"; or "session" - "an ancient" term from the time of timesharing systems? Oh boy, if you're afraid of words don't ever try to get into Haskell - those FP-crazies do use some real fancy words for their stuff.

> knowledge of Elisp, which has zero other benefits

The same way the knowledge of sql, or awk, or bash, or vim motions, or ssh, or tmux has zero benefits outside of their respective domains? What are you even talking about? I, for one, get daily gains, benefiting from knowing elisp - anything that has to do with text, just about anything can be automated with ease.

Just the other day - watching my colleague over Zoom, I decided to fix that for my note-taking. It took me fifteen minutes to write a piece of Elisp that OCRs any piece of text from a screenshot. Instead of disrupting my teammates all the time, I would now take a screenshot of a screen area with Flameshot, run my custom command and voilà - the text appears in my editor, and I can quickly grab it and use it in my notes.

I don't know where exactly "you've been" and what "you've done", but it really sounds like you haven't seen modern Emacs in practice. When one sees what people can do these days in it, it's hard not to get impressed.


XEmacs tried to do that, it has been attempted to rewrite the backend of Emacs into Rust twice, Guile has tried to interpret Emacs Lisp twice. The biggest problem is basically how large the user base is and the ability of people to want to perform the port, so actually improving the editor is more likely.

GTK+ and WebKit have been integrated into Emacs and it has a package manager now, and configuration is still a problem.


Before Copilot, the first item in their release notes was always accessibility, which I thought was a very nice touch. Now Copilot took the prime spot.



Political orientation determines what we let companies get away with.


This is not about who they vote for, it's the system, which is neoliberal in that it allows and incentivizes only maximum profit and puts up very few barriers.


Given the enormity of the attack surface that has just been exposed, that's disappointing.


This isn’t really exposed so much as exploited. This was always possible.



Security has been overlooked for way too long for me to trust it at this point.

The only sane way to contain the blast radius is to run code-server in a container (or in a VM) and use it through a browser tab.

Luckily, the UI works perfectly, hotkeys and everything. They did awesome work there.


There will never be a permission model. Like in VBA, where after all these years there is nothing. VBA would be much less problematic if you could restrict VBA to just one Excel sheet or so.


Given that it's been automatically removed from all VS Code instances, is there any way to check if it was previously installed? It's concerning that there's now no way to check if a system has been compromised by this.
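One way to answer that for a machine you can still inspect, as an added example that is not part of this thread and not VS Code's own tooling: it cross-checks the extensions.json manifest against the extension directories for a given publisher id (the thread names the banned publisher) and reports entries that exist in only one of the two places, which is what a half-finished uninstall leaves behind. The manifest layout and directory naming it relies on are assumptions stated in the code, and the sample data is constructed.

```python
"""Look for a publisher's extensions in a VS Code extensions folder.

Assumptions (not stated in the thread): extensions.json is a JSON list whose
entries carry an "identifier" object with an "id" of the form
"publisher.name", and each installed extension lives in a directory named
"publisher.name-version" next to that file (default ~/.vscode/extensions)."""
import json
import os
import re
from pathlib import Path

# publisher.name-<semver>[-suffix]; the name part may itself contain hyphens,
# so the version is anchored on the first "-digits.digits.digits" run.
DIR_PATTERN = re.compile(r"^(?P<id>[^.]+\.[\w-]+)-(?P<version>\d+\.\d+\.\d+[\w.\-]*)$")


def ids_from_extensions_json(text):
    """Return the lower-cased 'publisher.name' ids recorded in extensions.json."""
    ids = set()
    for entry in json.loads(text):
        ext_id = entry.get("identifier", {}).get("id")
        if isinstance(ext_id, str):
            ids.add(ext_id.lower())
    return ids


def ids_from_dir_names(names):
    """Return the lower-cased ids recoverable from extension directory names."""
    return {m.group("id").lower() for m in map(DIR_PATTERN.match, names) if m}


def find_publisher(publisher, json_ids, dir_ids):
    """Report the publisher's ids found in the manifest and on disk separately,
    so a directory with no manifest entry (or the reverse) is still visible."""
    prefix = publisher.lower() + "."
    return {
        "registered": sorted(i for i in json_ids if i.startswith(prefix)),
        "on_disk": sorted(i for i in dir_ids if i.startswith(prefix)),
    }


def scan_profile(ext_root, publisher):
    """Scan a real extensions folder; missing file or folder count as empty."""
    root = Path(ext_root)
    manifest = root / "extensions.json"
    json_ids = ids_from_extensions_json(manifest.read_text()) if manifest.is_file() else set()
    dir_ids = ids_from_dir_names(p.name for p in root.iterdir() if p.is_dir()) if root.is_dir() else set()
    return find_publisher(publisher, json_ids, dir_ids)


# Constructed sample data: ids and versions are placeholders, not real releases.
SAMPLE_JSON = json.dumps([{"identifier": {"id": "equinusocio.example-theme"}, "version": "0.0.1"},
                          {"identifier": {"id": "ms-python.python"}, "version": "0.0.1"}])
SAMPLE_DIRS = ["equinusocio.example-theme-0.0.1", "equinusocio.other-icons-1.2.3-universal",
               "ms-python.python-0.0.1", "README.md"]

if __name__ == "__main__":
    print(scan_profile(os.path.expanduser("~/.vscode/extensions"), "equinusocio"))
```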


Doesn't it prompt to uninstall?


Just to be clear, which publisher was banned? Maybe I'm being stupid (it's late here) but I'm struggling to track the various parties involved.

Anyway, thank you for the update.


The publisher Equinusocio was banned.


I de-obfuscated most of it and didn't see anything malicious. Was there any particular file that was concerning?


Why was there any obfuscated code in the first place?


I missed it-- it's in the release notes file. I uploaded it to pastebin. It does look malicious.

https://pastebin.com/H5QjS4Bt


The issue to which op links now yields 404. What's up with that?



Weirdly, this Wayback link is now also a 404. I didn't realize content can retroactively get removed from the archive like that – doesn't that sort of defeat one of its main purposes?


I am in European time and I do not know what happened on that post (since I was sleeping). I assume there were some heated arguments between maintainer and community about license/copyrights/open source maintenance.



Imagine the amount of infected packages we use every day. Probably 20 different governments see everything we do.


why worry about governments so much? You know how many different companies see everything you do? Do you trust all of them?

https://www.wired.com/story/gravy-location-data-app-leak-rtb...


Companies didn't intentionally murder 100 million of their own customers in the 20th century alone.


They certainly aided and abetted. See IBM.


But they didn't murder their own customers. Their customer, a government, did the murdering.

As long as government claims the right to a monopoly on violence, it is reasonable to hold them to far, far higher standards than anyone else, including corporations. There is only so much damage one company or one cartel can do, but with government, the downside is unbounded. As I suspect we're about to see for ourselves.


Nah, let go of that monopoly on violence claptrap. Governments can't do things without corporations to build stuff for them.

> Their customer, a government, did the murdering.

Using stuff the corporation made and profited from.

Max Weber died in 1920, get some new economics.


The monopoly-on-violence claptrap gets shoved in my face whenever I argue against gun control on the Internet, so now you get a dose of it. Sorry. :)

Meanwhile, remind me what corporations built Stalin's infrastructure?


They are now evading the ban by rebranding the extension to "Fanny Theme": https://marketplace.visualstudio.com/items?itemName=fanny.vs...


Is this a troll name? Fanny is a fairly well-known slang term[0]

[0] https://en.wikipedia.org/wiki/Fanny#In_slang


only in UK IIRC


Many English speaking countries, I'm sure the US is more the exception than the rule in this case.

Of course, 'git' is also an insult.


Git is a fairly mild insult though, roughly equivalent to calling someone annoying. I'm sure at least a few of us have thought Git (the tool) to be aptly named, from time to time.


And here I thought it was redneck for "get" like that's where ya git yer code from.


Linus once quipped "I'm an egotistical bastard, and I name all my projects after myself. First 'Linux', now 'git'."


Is "fanny" an insult at all?


Yes, in Britain it is, you fanny.


That one is specifically British though. Or perhaps even just English, I can't imagine a Scottish person using it.


So what? The answer to the question is still yes.


Damn! That was fannier than I expected. Lmao.


It was also equivalent to "bro" in the late 90s, at least in some circles in the US.


35+ years ago, my friend insisted it meant the UK definition and, until now, every time I heard the word, I'd think of the time my, otherwise smarty-pants, friend didn't know what the most basic, least offensive, slang meant.


It's pretty mild, but still offensive in the UK. Your friend was right to believe that much. That everyone thinks it means that? No - the US uses it differently for a region of the body slightly less offensive. It's a bit like spunk, which is also fairly offensive in the UK, and fag, which despite having an offensive meaning in the US, is actually traditionally not offensive here, though the US meaning is known and sometimes used - it means "cigarette" here mostly, and "faggot" means something less offensive too (a bunch of sticks or a type of meatball like dish.)


Remember when fanny packs were a thing?


No, we didn't call them that. Bum bag was the name. Bum being about as profane as fanny in the US, and probably the same thing.


But people wore them on their front side didn't they? I don't remember people turning them around and preparing them on their butts


Did you mean a bum bag?


More like “only in the US it isn’t” :)


Might be regional but fanny is definitely slang in the US as well, but very quaint/dated, meaning butt. Would generally be used in some sort of context like a grandma telling a kid, 'Get your fanny over here right this second!'

It would never be offensive or used with sexual connotation. It's kind of like the equivalent of wiener.


It was a popular name in France in the 90s ¯\_(ツ)_/¯


Yeah, Fanni is still used in Hungary.


Thank you. We will security audit this extension today and take action if needed.


Didn't the author evade a ban? Isn't that enough reason to take this down?


They could at least somewhat automate checks for that sort of thing.


Yep, because there's already another one, our hex code merchant clearly has nothing better to do: https://marketplace.visualstudio.com/items?itemName=vira-the...


It's a new publisher https://marketplace.visualstudio.com/publishers/fanny

If you dig into the code on GitHub [1], you can see it's the same author as the Material Theme. But I'm not sure how the marketplace folks are supposed to track that.

[1] https://github.com/fanny-theme/fanny-theme-support



new main features:

0 external and harmful dependencies

closed source = no more toxic community and youtubers talking shit about things they don't know.

Looks like we're good now.


Correct, the author links to it from his github page https://github.com/equinusocio


So, this is pretty weird no? In his GH profile he links his website/portfolio https://astorinomattia.com/ which is actually his surname + name.

It doesn't seem to be pretty smart and safe going rogue with such public exposure no? Unless it is a completely fake persona, of course.


It also links to his employer (https://lualtek.io). Maybe someone should let his employer know what their employee is up to :)


> Things destroyer.

Hmmmmm.
