SlowMist CISO: Beware of Suspicious VSCode Plugins Amid the Surge of Supply Chain Attacks Targeting Developers
According to Mars Finance, 23pds, Chief Information Security Officer of SlowMist Technology, forwarded a post from X user @mrdotparasyte to warn developers to remain vigilant when installing third-party plugins or packages. There is currently a suspicious VSCode plugin named JuanFranBlanco.solidit-vscode, and the "solidit" in the plugin identifier is a clear misspelling. The plugin has been around for two to three days, and it is still unclear how many developers may have inadvertently fallen victim. Supply chain attacks targeting developers are becoming increasingly rampant, and unverified VSCode plugins, npm packages, and similar components have become the main areas for such attacks.
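One way to check a workstation for the kind of misspelled identifier described above, as an added example that is not from the article or from SlowMist: it flags installed extensions whose name is within a small edit distance of a trusted one while the full identifier differs. The trusted list (including `juanblanco.solidity`), the suffix list, the distance threshold and the sample listing are assumptions made for illustration.

```python
# Added example: flag installed VS Code extensions whose name nearly matches a
# trusted one while the full publisher.name identifier does not.

# Assumption: identifiers this team has verified; replace with your own list.
TRUSTED = {"juanblanco.solidity", "ms-python.python"}
# Assumption: decorations a look-alike may append to a well-known name.
SUFFIXES = ("-vscode", "-vs-code", "-extension")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_name(ext_id):
    """Name part of publisher.name with a decorative suffix removed."""
    name = ext_id.partition(".")[2]
    for suffix in SUFFIXES:
        if name.endswith(suffix):
            return name[:-len(suffix)]
    return name

def audit(lines, trusted=TRUSTED, max_dist=2):
    """Return (installed_id, closest_trusted_id, distance) for look-alikes."""
    findings = []
    for line in lines:
        ext = line.strip().lower().partition("@")[0]  # drop "@version"
        if not ext or ext in trusted:
            continue
        dist, match = min(
            (edit_distance(base_name(ext), base_name(t)), t) for t in sorted(trusted)
        )
        if dist <= max_dist:
            findings.append((ext, match, dist))
    return findings

# Constructed sample in the format of `code --list-extensions --show-versions`.
SAMPLE = """ms-python.python@0.0.0
JuanBlanco.solidity@0.0.0
JuanFranBlanco.solidit-vscode@0.0.0
"""

if __name__ == "__main__":
    for ext, match, dist in audit(SAMPLE.splitlines()):
        print(f"REVIEW {ext}: resembles trusted {match} (name distance {dist})")
```

A hit means the extension should be reviewed against its marketplace publisher before further use; an extension that reuses a trusted name under a different publisher is reported with distance 0.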