
The latest wave also mimics widely used developer tools to maximise installation chances. “The extensions overwhelmingly impersonate widely installed developer utilities: linters and formatters like ESLint and Prettier, code runners, popular language tooling for Angular, Flutter, Python, and Vue, and common quality-of-life extensions like vscode-icons, WakaTime, and Better Comments,” the researchers said. “Notably, the campaign also targets AI developer tooling, with extensions targeting Claude Code, Codex, and Antigravity.”
The researchers added that as of March 13, Open VSX has removed the majority of the transitively malicious extensions, yet a few remain live, indicating ongoing takedowns.
Socket published indicators of compromise (IOCs) tied to the campaign, including the names of dozens of malicious Open VSX extensions and associated publisher accounts believed to be linked to the operation. Additionally, the researchers recommend treating extension dependencies with the same scrutiny typically applied to software packages. Organizations should monitor extension updates, audit dependency relationships, and restrict installation to trusted publishers where possible, as attackers increasingly exploit the developer tooling ecosystem as a supply-chain entry point.
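One way to act on the "audit dependency relationships" and "restrict installation to trusted publishers" advice above, as an added example that is not Socket's tooling or code from the article: walk each installed extension's declared `extensionDependencies` and `extensionPack` entries (the standard VS Code manifest keys, which Open VSX extensions share) and flag every extension, including ones pulled in only transitively, whose publisher is not on an allow-list. The sample manifests, publisher names and extension names below are constructed placeholders, not the IOCs from the report; `load_manifests_from_dir` is provided for running the same audit against a real extensions directory.

```python
"""Audit installed VS Code / Open VSX extensions for transitive dependencies on
publishers outside an allow-list. Added example, not Socket's code.

Assumes each extension directory holds a package.json with the standard
`publisher`, `name`, and optional `extensionDependencies` / `extensionPack` keys.
"""
import json
import os
from collections import deque

# Constructed sample manifests keyed by "publisher.name" (how VS Code identifies extensions).
# All names here are illustrative placeholders, not identifiers from the campaign.
SAMPLE_MANIFESTS = {
    "example-trusted.formatter-tools": {
        "publisher": "example-trusted", "name": "formatter-tools",
        # An extension pack silently installs its members, so they inherit the trust decision.
        "extensionPack": ["example-trusted.code-runner", "lookalike-pub.prettier-helper"],
    },
    "example-trusted.code-runner": {"publisher": "example-trusted", "name": "code-runner"},
    "lookalike-pub.prettier-helper": {
        "publisher": "lookalike-pub", "name": "prettier-helper",
        "extensionDependencies": ["lookalike-pub.helper-core"],
    },
    "lookalike-pub.helper-core": {"publisher": "lookalike-pub", "name": "helper-core"},
    "example-trusted.icons": {"publisher": "example-trusted", "name": "icons"},
}

# Constructed allow-list: publishers an organization has decided to trust.
ALLOWED_PUBLISHERS = ["example-trusted"]


def extension_id(manifest):
    """VS Code treats extension identifiers as case-insensitive, so normalise to lowercase."""
    return f"{manifest['publisher']}.{manifest['name']}".lower()


def dependencies(manifest):
    """Hard dependencies and pack members are both installed automatically; audit both."""
    deps = list(manifest.get("extensionDependencies", [])) + list(manifest.get("extensionPack", []))
    return [d.lower() for d in deps]


def load_manifests_from_dir(extensions_dir):
    """Read every <extensions_dir>/<ext>/package.json into the same dict shape as SAMPLE_MANIFESTS.
    Typical locations: ~/.vscode/extensions or ~/.vscode-oss/extensions (assumption: default paths)."""
    manifests = {}
    for entry in os.scandir(extensions_dir):
        path = os.path.join(entry.path, "package.json")
        if entry.is_dir() and os.path.isfile(path):
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
            manifests[extension_id(manifest)] = manifest
    return manifests


def audit(manifests, allowed_publishers):
    """Return {flagged_extension_id: install_path} for each extension whose publisher is not
    allow-listed. The path starts at a directly installed extension so a reviewer can see
    which install decision dragged the flagged extension in. Declared dependencies that are
    not present locally are still checked by publisher but cannot be walked further."""
    allowed = {p.lower() for p in allowed_publishers}
    findings = {}
    for root_id in manifests:
        queue = deque([(root_id, [root_id])])
        seen = set()
        while queue:
            ext_id, path = queue.popleft()
            if ext_id in seen:
                continue
            seen.add(ext_id)
            publisher = ext_id.split(".", 1)[0]
            if publisher not in allowed and ext_id not in findings:
                findings[ext_id] = path
            manifest = manifests.get(ext_id)
            if manifest is None:
                continue  # dependency declared but not installed: nothing more to inspect
            for dep in dependencies(manifest):
                queue.append((dep, path + [dep]))
    return findings


if __name__ == "__main__":
    for ext_id, path in audit(SAMPLE_MANIFESTS, ALLOWED_PUBLISHERS).items():
        print(f"UNTRUSTED {ext_id}: pulled in via {' -> '.join(path)}")
```

On the sample data the audit flags both `lookalike-pub` extensions and shows that neither was installed directly: both arrive through the trusted-looking `formatter-tools` pack, which is exactly the transitive relationship the article warns about. Running the same check on every extension update, rather than only at install time, catches the case where a previously clean extension gains a new dependency.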
