March 20, 2025 By Bill Toulas
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware, exposing critical gaps in Microsoft's review process.
The extensions, named "ahban.shiba" and "ahban.cychelloworld," were downloaded seven and eight times, respectively, before they were eventually removed from the store.
It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) and February 17, 2025 (ahban.shiba), bypassing safety review processes and remaining on Microsoft's store for an extensive period of time.
The VSCode Marketplace is an online platform where developers can find, install, and share extensions for Visual Studio Code (VSCode). It is widely used by software and web developers, data scientists, and programmers.