{"id":209367,"date":"2025-03-21T06:17:05","date_gmt":"2025-03-21T11:17:05","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/03\/vscode-extensions-found-downloading-early-stage-ransomware"},"modified":"2025-03-21T06:17:05","modified_gmt":"2025-03-21T11:17:05","slug":"vscode-extensions-found-downloading-early-stage-ransomware","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/03\/vscode-extensions-found-downloading-early-stage-ransomware","title":{"rendered":"VSCode extensions found downloading early-stage ransomware"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/vscode-extensions-found-downloading-early-stage-ransomware.jpg\"><\/a><\/p>\n<p>Two malicious VSCode Marketplace extensions were found deploying in-development ransomware, exposing critical gaps in Microsoft\u2019s review process.<\/p>\n<p>The extensions, named \u201cahban.shiba\u201d and \u201cahban.cychelloworld,\u201d were downloaded seven and eight times, respectively, before they were eventually removed from the store.<\/p>\n<p>It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) and February 17, 2025 (ahban.shiba), bypassing safety review processes and remaining on Microsoft\u2019s store for an extensive period of time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two malicious VSCode Marketplace extensions were found deploying in-development ransomware, exposing critical gaps in Microsoft\u2019s review process. The extensions, named \u201cahban.shiba\u201d and \u201cahban.cychelloworld,\u201d were downloaded seven and eight times, respectively, before they were eventually removed from the store. It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-209367","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/209367","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=209367"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/209367\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=209367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=209367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=209367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}