this post was submitted on 10 Jun 2024
233 points (94.6% liked)

Programming

17313 readers
266 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]



founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 12 points 5 months ago (1 children)

Except their summary is wrong. The researchers went on to search other extensions for known malicious code, and found it in thousands of extensions with tens of millions of total installs.

[–] Kuinox -4 points 5 months ago (1 children)

I hopped people here would notice that their "malicious code" detection is totally bogus when the malicious code highlighted hit a local IP address.

[–] [email protected] 2 points 5 months ago (1 children)

Good point. That was in the "static IP" category and not counted in the 200+ million install "malicious code" category, though. It could be a warning sign of false positives, but the example was such a small snippet it could also be opening after a VPN is established. That example was supposedly part of code that opens a connection for shell access from the other end, but without more details it's not really possible to say.

[–] Kuinox -1 points 5 months ago

Tons of devtools summons cmd.exe and do networks. Their claim is that more than 10% of the vscode marketplate is malicious package (i just divided the number of extensions they says is malicious, by the number of extensions)