Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions.
Software supply chain security outfit ReversingLabs said it made the discovery after it identified a malicious extension named “ahbanC.shiba” that functioned similarly to two other extensions – ahban.shiba and ahban.cychelloworld – that were flagged earlier this March.
All three libraries are designed to act as a downloader to retrieve a PowerShell payload from an external server that encrypts files in a folder called “testShiba” on the victim’s Windows desktop and demands a Shiba Inu token by depositing the assets to an unspecified wallet. These efforts suggest ongoing development attempts by the threat actor.
The company said it decided to dig deeper because of the fact that the name of the new extension (“ahbanC.shiba”) was virtually the same as one of the two others previously identified (“ahban.shiba”).
It’s worth noting that each extension has to have a unique ID that’s a combination of the publisher name and the name of the extension (i.e., <publisher>.<name>). In the case investigated by ReversingLabs, both extensions are differentiated only by the name of the publisher, while the actual name of the extension remains the same.
However, according to Visual Studio Code documentation, the <name> field specified in the extension manifest “should be all lowercase with no spaces” and “must be unique to the Marketplace.”
“So how did extensions ahban.shiba and ahbanC.shiba end up having the same name despite the official documentation’s publishing rules?,” asked security researcher Lucija Valentić, who ultimately found that it is possible to do so once the extension is removed from the repository. But this behavior doesn’t apply to scenarios where an author unpublishes an extension.
It’s worth noting that the ability to reuse the name of deleted libraries also applies to the Python Package Index (PyPI) repository, as demonstrated by ReversingLabs in early 2023.
At the time, it was found that deleting a package would make its project name “available to any other PyPI user” as long as the distribution file names (a combination of the project name, version number, and distribution type) are different from those used in the now-removed distribution.
However, PyPI carves out an exception where PyPI package names can be made unavailable if they were first used by malicious packages. It appears that Visual Studio Code does not have a similar restriction to prevent the reuse of names of malicious extensions.
The development, as observed in leaked Black Basta chat logs, shows how threat actors are looking at poisoning open-source registries with ransomware libraries that demand ransoms from unsuspecting victims who may install them. This makes it all the more crucial for organizations and developers to adopt secure development practices and proactively monitor these ecosystems for software supply chain threats.
“The discovery of this loophole exposes a new threat: that the name of any removed extension can be reused, and by anyone,” Valentić said. “That means that if some legitimate and very popular extension is removed, its name is up for grabs.”
The findings also follow the identification of eight malicious npm packages that have been found to deliver a Google Chrome browser information stealer targeting Windows systems that’s capable of transmitting passwords, credit cards, cryptocurrency wallet data, and user cookies to a railway[.]app URL or a Discord webhook as a fallback mechanism.
The packages, published by users named ruer and npjun, are listed below –
- toolkdvv (versions 1.1.0, 1.0.0)
- react-sxt (version 2.4.1)
- react-typex (version 0.1.0)
- react-typexs (version 0.1.0)
- react-sdk-solana (version 2.4.1)
- react-native-control (version 2.4.1)
- revshare-sdk-api (version 2.4.1)
- revshare-sdk-apii (version 2.4.1)
What’s notable about these packages is the use of 70 layers of obfuscated code to unpack a Python payload that’s engineered to facilitate data theft and exfiltration.
“Open-source software repositories have become one of the main entry points for attackers as part of supply chain attacks, with growing waves using typosquatting and masquerading, pretending to be legitimate,” JFrog security researcher Guy Korolevski said.
“The impact of sophisticated multi-layer campaigns designed to evade traditional security and steal sensitive data highlights the importance of having visibility across the entire software supply chain with rigorous automated scanning and a single source of truth for all software components.”
