SlowMist CISO: Supply chain attacks targeting developers are rampant, beware of suspicious VSCode plugins


On April 21, 23pds, Chief Information Security Officer of SlowMist, forwarded a post from X user @mrdotparasyte and warned developers to be extremely cautious when installing third-party plugins or packages.

A suspicious VSCode plugin named JuanFranBlanco.solidit-vscode is currently in circulation; its identifier contains an obvious misspelling, "solidit". The plugin has existed for two to three days, and it is unclear how many developers have inadvertently fallen victim. Supply chain attacks targeting developers are becoming increasingly prevalent, and unaudited VSCode plugins and npm packages in particular are among the hardest-hit areas.
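One way to catch an identifier like this during an extension audit, as an added example that is not from the original post or from SlowMist: compare each installed extension ID against a team allowlist and flag near matches. The allowlist entries, the padding-token list and the distance threshold are assumptions, including the assumption that `JuanBlanco.solidity` is the ID being imitated.

```python
# Added example: flag installed VS Code extension IDs that imitate an allowlisted one.
# Assumption: TRUSTED_IDS is your own allowlist; "JuanBlanco.solidity" is assumed
# to be the ID that the suspicious one reported above imitates.
TRUSTED_IDS = ["JuanBlanco.solidity", "ms-python.python"]
DECORATIONS = {"vscode", "vs", "code", "extension", "ext"}  # padding tokens to ignore


def core_name(ext_id):
    """Lower-case the name part of publisher.name and drop padding tokens."""
    name = ext_id.strip().lower().partition(".")[2]
    tokens = [t for t in name.replace("_", "-").split("-") if t not in DECORATIONS]
    return "".join(tokens) or name


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def flag_lookalikes(installed, trusted=TRUSTED_IDS, max_dist=2):
    """Return (installed_id, imitated_id, distance) for non-allowlisted near matches."""
    allowed = {t.lower() for t in trusted}
    findings = []
    for raw in installed:
        ext = raw.strip()
        if not ext or ext.lower() in allowed:
            continue  # blank line or exact allowlist match
        for t in trusted:
            dist = edit_distance(core_name(ext), core_name(t))
            if dist <= max_dist:
                findings.append((ext, t, dist))
    return findings


# Constructed sample, in the one-ID-per-line shape of `code --list-extensions`.
SAMPLE = """JuanBlanco.solidity
JuanFranBlanco.solidit-vscode
ms-python.python
examplepub.markdown-notes
"""

if __name__ == "__main__":
    for ext, imitated, dist in flag_lookalikes(SAMPLE.splitlines()):
        print(f"REVIEW {ext}: name is {dist} edit(s) from allowlisted {imitated}")
```

A distance of 0 means the same extension name under a different publisher, which also deserves a manual look before the extension stays installed.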
