Malicious VS Code Extensions Hide Malware in PNG Files | eSecurity Planet

Malicious VS Code extensions hid malware in PNG files, compromising developer environments and supply chains.

Written By
Ken Underhill
Dec 12, 2025

Researchers at ReversingLabs found that a software supply chain attack had infiltrated the Visual Studio Code (VS Code) Marketplace through nineteen malicious extensions, active since February 2025.

The extensions — some impersonating legitimate packages — hid executable malware inside what appeared to be harmless PNG image files. 

The threat actor is “…turning a popular and otherwise safe package into a ticking timebomb ready to detonate as soon as one of the malicious extensions is used,” said ReversingLabs researchers.

Developer Environments Under Attack

The campaign represents a serious escalation in threats targeting developer environments, which are often an entry point to broader software supply chains. 

According to ReversingLabs, malware detections involving VS Code extensions nearly quadrupled in 2025, rising from 27 cases in 2024 to 105 in the first ten months of 2025. 

Because developers commonly trust Marketplace extensions and install them without inspecting their contents, a compromised extension runs with the developer's own privileges and access tokens, and can reach production systems through tampered code or stolen credentials.

Malware Hidden Inside VS Code Extensions

The attack hinges on how VS Code extensions are packaged: the .vsix bundles every dependency, npm packages included, inside a local node_modules folder, so whatever the publisher put there is exactly what runs.

ReversingLabs found that the threat actors modified the bundled copy of the widely used path-is-absolute package (more than 9 billion downloads since 2021) shipped inside the extensions' node_modules, rather than the package as published on npm.

The attackers added malicious logic to that copy's index.js, which runs as soon as the extension loads the module; for these extensions that happens every time VS Code starts.

Once triggered, the modified package reads a banner.png file shipped with the extension and decodes a JavaScript dropper embedded in it; to anyone browsing the package the file looks like an ordinary image.

The dropper was hidden under layered obfuscation, including base64 encoding and string reversal, so that neither viewing the image nor grepping the JavaScript reveals it, making manual inspection extremely difficult.

When executed, the dropper deploys two binaries via cmstp.exe, the Windows Connection Manager Profile Installer, a signed Microsoft binary that will execute commands from an attacker-supplied INF file and is therefore a well-known living-off-the-land binary (MITRE ATT&CK T1218.003).

One binary managed attacker control of the host, while the second, written in Rust, contained more advanced capabilities.

Four additional extensions used a different hiding place, storing their binaries in TypeScript source (.ts) and source map (.map) files rather than PNG images, which suggests the threat actors were iterating on their concealment.


How Malicious Extensions Bypass Trust

The root of the issue stems from how VS Code extensions are packaged and trusted. 

Because an extension ships its dependencies and runs them from the local bundle, with no additional download at install or run time, a tampered component executes just like the legitimate code around it inside an extension that appears perfectly normal. 

The malicious code launches automatically at startup with no user interaction, and nothing in the usual chain catches it: there is no install-time warning to click through, antivirus tools see an image file until it is decoded in memory, and Marketplace publisher verification attests to ownership of a domain, not to the contents of the code. 

This mix of easy exploitation, low detection, and persistence makes it a serious supply chain threat, enabling code tampering, credential theft, CI/CD access, and downstream customer compromise. 

Reducing Risk in Developer Workflows

Developer tooling has become an attractive target for attackers looking to quietly compromise software supply chains. 

Malicious extensions can blend into trusted workflows, execute automatically, and evade many traditional security controls. 

Defending against these threats requires treating developer environments as high-risk assets, not just productivity tools. 

  • Audit and reduce installed VS Code extensions by verifying authorship, version history, and removing untrusted or unused plugins.
  • Enforce extension allowlists and internal vetting: VS Code's extensions.allowed setting can restrict installs to approved publishers, extensions, or pinned versions and can be pushed through enterprise policy; alternatively, mirror the marketplace and approve extensions before deployment.
  • Scan extensions and bundled dependencies using static and dynamic analysis prior to installation.
  • Restrict execution and network behavior of developer tools through endpoint controls, application allowlists, and egress filtering.
  • Monitor developer endpoints for suspicious IDE behavior, including unexpected child processes of the editor (such as cmstp.exe), extension code reading image or asset files rather than rendering them, and persistence attempts.
  • Isolate developer environments and rotate credentials to limit blast radius if an extension is compromised.
  • Harden CI/CD pipelines with code integrity checks, least-privilege access, and continuous monitoring for misuse.

Collectively, these steps reduce extension risk without disrupting developer productivity.


Software Supply Chains Under Attack

This campaign reflects a broader shift toward targeting developer ecosystems and software supply chains, where trust is implicit and compromise scales quickly. 

By tampering with the bundled copy of a dependency as ubiquitous as path-is-absolute, the attackers get code that looks like boilerplate on review and a foothold in any organization whose developers run VS Code as part of their daily workflow.

As attackers abuse trusted dependencies at scale, software supply chain security becomes an essential part of your defense.

Ken Underhill

Ken Underhill is an award-winning cybersecurity professional, bestselling author, and seasoned IT professional. He holds a graduate degree in cybersecurity and information assurance from Western Governors University and brings years of hands-on experience to the field.


Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved
