A sophisticated malware campaign has been uncovered within the Visual Studio Code (VS Code) Marketplace, exposing a new layer of supply chain risk for developers. ReversingLabs (RL) researchers have identified 19 malicious extensions that successfully bypassed standard detection methods by burying their payloads deep within dependency folders.
Active since February 2025 and discovered on December 2, the campaign leverages a clever mix of “typosquatting-adjacent” tactics and steganography to infect developer machines. “The malicious files abused a legitimate npm package to avoid detection and crafted an archive containing malicious binaries that posed as an image: A file with a PNG extension”.
The genius of this attack lies in how VS Code extensions handle their building blocks. Unlike standard npm projects that fetch dependencies on the fly, VS Code extensions come pre-packaged with a node_modules folder containing all necessary libraries. This structure allows extensions to run “out of the box,” but it also gave the attackers a perfect hiding spot.
For this campaign, the threat actors took the highly popular path-is-absolute package—a library with over 9 billion downloads—and modified it locally within their malicious extensions. They didn’t touch the official package on the npm registry; instead, they tampered with the version bundled inside their extension.
“In this way, the threat actor is turning a popular and otherwise safe package into a ticking timebomb ready to detonate as soon as one of the malicious extensions is used,” the report states. Because developers and security tools often trust the contents of node_modules, assuming they match the safe versions published on the registry, the malicious code went unnoticed.
To further obscure their tracks, the attackers employed a deceptive file named banner.png. While it appeared to be a standard image file for the extension’s marketplace listing, it was actually a weaponized archive.
“The file banner.png, as it turned out, wasn’t an image file. Instead, it is an archive containing two malicious binaries”.

The attack chain begins when the compromised dependency’s index.js file runs upon VS Code startup. It triggers a hidden class that decodes a JavaScript dropper from a file simply named lock. This dropper then extracts the payload from the fake PNG file.
Once unpacked, the malware doesn’t just run; it uses the system against itself. The decoded dropper executes the malicious binaries using cmstp.exe, a legitimate Microsoft Connection Manager Profile Installer tool often abused by hackers as a “Living Off the Land” binary (LOLBIN) to bypass security controls.
One of the binaries manages the execution flow by emulating key presses, while the other is a “more complicated Rust trojan” whose full capabilities are currently under review by researchers.
While most of the identified extensions abused the path-is-absolute package, researchers noted that four extensions used a different vector, modifying the @actions/io package and hiding payloads in TypeScript (.ts) and sourcemap (.map) files instead of the fake image.
“Most of the time, the code for each dependency found in this folder will be the same as the code hosted on npm, so users will blindly trust it without validating it,” the report concludes, highlighting a critical blind spot in current developer security practices.
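That blind spot is checkable. The script below is an added example, not code from ReversingLabs or from any of the extensions described: it walks a package bundled in an extension's node_modules, compares every file against the sha256 digests of the same package's published npm tarball, flags extra or modified files (a planted `lock` file, an edited `index.js`), and checks that anything named `.png` actually starts with the PNG magic bytes. The package name, file contents and reference hashes are constructed for the demo; in practice the reference digests would be computed from the tarball fetched from the registry.

```python
import hashlib
import os
import tempfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # first eight bytes of every real PNG file

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def audit_bundled_package(pkg_dir, reference_hashes):
    """Compare a package bundled in an extension's node_modules against the
    sha256 of each file in the published npm tarball (reference_hashes maps
    relative path -> hex digest). Returns a list of human-readable findings."""
    findings, seen = [], set()
    for root, _, files in os.walk(pkg_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, pkg_dir).replace(os.sep, "/")
            seen.add(rel)
            expected = reference_hashes.get(rel)
            if expected is None:
                findings.append(f"extra file not in registry package: {rel}")
            elif expected != sha256_of(full):
                findings.append(f"modified file: {rel}")
            if name.lower().endswith(".png"):
                with open(full, "rb") as fh:
                    if fh.read(8) != PNG_MAGIC:
                        findings.append(f"fake image (no PNG header): {rel}")
    for rel in sorted(set(reference_hashes) - seen):
        findings.append(f"file missing from bundled copy: {rel}")
    return findings

def build_constructed_sample():
    """Write a constructed (not real) tampered copy of a package to a temp dir
    and return (pkg_dir, reference_hashes) for the clean version."""
    clean = {"package.json": b'{"name":"example-pkg","version":"1.0.0"}\n',
             "index.js": b"module.exports = function (p) { return p[0] === '/'; };\n"}
    reference = {rel: hashlib.sha256(data).hexdigest() for rel, data in clean.items()}
    tampered = dict(clean)
    tampered["index.js"] = clean["index.js"] + b"require('./lock');\n"  # injected loader
    tampered["lock"] = b"// encoded dropper would live here (constructed placeholder)\n"
    tampered["banner.png"] = b"PK\x03\x04" + b"\x00" * 28  # ZIP header, not a PNG
    pkg_dir = os.path.join(tempfile.mkdtemp(), "node_modules", "example-pkg")
    os.makedirs(pkg_dir)
    for rel, data in tampered.items():
        with open(os.path.join(pkg_dir, rel), "wb") as fh:
            fh.write(data)
    return pkg_dir, reference
```

Calling `audit_bundled_package(*build_constructed_sample())` reports the modified `index.js`, the two extra files, and the `.png` that is not an image; a clean bundled copy returns an empty list.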