Slow Mist CISO: Beware of Suspicious VSCode Plugins Amidst the Surge of Supply Chain Attacks Targeting Developers

robot
Abstract generation in progress

According to Mars Finance, Slow Mist Technology's Chief Information Security Officer 23pds warned developers by forwarding a post from X platform user @mrdotparasyte, emphasizing the need to remain vigilant when installing third-party plugins or packages. Currently, there is a suspicious VSCode plugin named JuanFranBlanco.solidit-vscode, and the "solidit" in the plugin Identifier is a clear misspelling. This plugin has been around for two to three days, and it is still unclear how many developers may have inadvertently fallen victim. Currently, supply chain attacks targeting developers are becoming increasingly rampant, especially with unverified VSCode plugins, npm packages, etc., which have become the main areas for such attacks.

View Original
The content is for reference only, not a solicitation or offer. No investment, tax, or legal advice provided. See Disclaimer for more risks disclosure.
  • Reward
  • Comment
  • Share
Comment
0/400
No comments
Trade Crypto Anywhere Anytime
qrCode
Scan to download Gate app
Community
English
  • 简体中文
  • English
  • Tiếng Việt
  • 繁體中文
  • Español
  • Русский
  • Français (Afrique)
  • Português (Portugal)
  • Bahasa Indonesia
  • 日本語
  • بالعربية
  • Українська
  • Português (Brasil)