do son 
Image: Amit Assaraf
Microsoft has removed the highly popular Material Theme – Free and Material Theme Icons – Free extensions from the Visual Studio Marketplace, citing the presence of malicious code within these extensions.
Statistics indicate that these extensions have been installed nearly 9 million times. Following their removal, developers who had previously installed them will now receive automatic deactivation alerts, warning them against re-enabling the extensions.
These extensions were created by Mattia Astorino, a well-known developer with a total installation count exceeding 13 million across multiple extensions published on the Visual Studio Marketplace. The presence of malicious code was initially discovered by cybersecurity researchers, who published a report detailing their findings. In response, Microsoft promptly removed the extensions from the marketplace and banned the developer’s account.
Notably, Microsoft’s own security researchers conducted an independent analysis, which corroborated the findings of the initial security report, confirming the presence of suspicious code.
Affected Extensions:
- equinusocio.moxer-theme
- equinusocio.vsc-material-theme
- equinusocio.vsc-material-theme-icons
- equinusocio.vsc-community-material-theme
- equinusocio.moxer-icons
Experts speculate that the malicious code was either introduced through a recent extension update or injected into a compromised dependency, indicating a potential supply chain attack. Another possibility is that the developer’s account was hijacked, leading to unauthorized modifications.
However, Mattia Astorino has strongly denied these allegations, arguing that the issue likely stemmed from an outdated Sanity.io dependency, rather than deliberate tampering. He insists that he never introduced any malicious code into his extensions.
Astorino also criticized Microsoft’s handling of the situation, pointing out that removing the affected dependency would have taken only 30 seconds, yet Microsoft took action without prior communication. Furthermore, the disabling of Material Theme reportedly caused Visual Studio Code to enter a restart loop, an issue he believes Microsoft should be held accountable for.
At present, the full details of the situation remain unclear. For security reasons, users are advised to uninstall these potentially compromised extensions. If Microsoft later determines that the removal was a false alarm, users may reinstall them at their discretion.
