
Critical Flaw in VS Code Marketplace Allows Reuse of Deleted Extension Names
Researchers at ReversingLabs have identified a significant weakness in the Visual Studio Code Marketplace: the name of a previously deleted extension can be reused by a later, unrelated publisher. The flaw came to light during analysis of a malicious extension, "ahbanC.shiba", whose behavior mimicked two earlier extensions, "ahban.shiba" and "ahban.cychelloworld". As the identifiers show, the new extension carried the same extension name ("shiba") under a different publisher ID ("ahbanC" rather than "ahban").

The technical consequences are serious. Once a deleted extension's name becomes available again, an attacker can publish malicious code under a name developers already recognize and treat as legitimate. Because an extension runs inside the IDE with the developer's own privileges, a malicious one is a supply chain attack in miniature: it enters the development environment and can reach every project, build, and downstream user that passes through that machine.

The discovery exposes a gap in how the Marketplace manages extension names across their lifecycle, and it underscores the need for robust controls in software marketplaces so that a deleted name cannot be quietly taken over. Continuous monitoring and auditing of published extensions are essential to preserving the integrity of the Marketplace.

From a broader perspective, the flaw could erode trust in the VS Code Marketplace if users become hesitant to install extensions because of the risk. Security professionals should press for stricter controls on extension publishing and for naming rules that prevent this kind of reuse. Organizations should add their own safeguards: pin approved extensions by their full publisher.name identifier rather than by display name, verify the integrity of an extension package before it is rolled out, and monitor for suspicious extension downloads, such as a familiar extension name appearing under an unfamiliar publisher. Developers should also be encouraged to report any suspicious extensions they encounter.
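The following script is an added example, not code from ReversingLabs or from the VS Code project, of the pinning and monitoring controls described above. It assumes the real `code --list-extensions --show-versions` output format (one `publisher.name@version` per line), an allowlist that pins each approved extension to its full publisher.name identifier, a version, and the SHA-256 of the reviewed VSIX package, and it flags the pattern seen with "ahban.shiba" versus "ahbanC.shiba": a pinned extension name reappearing under a different publisher. The allowlist entries, versions, hashes, and the sample listing are constructed for illustration, not real values.

```python
"""Audit installed VS Code extensions against a pinned allowlist.

Added example; not ReversingLabs' or Microsoft's code. The allowlist,
versions, VSIX hashes and the sample listing below are constructed.
"""
import hashlib
import hmac
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class Pin:
    publisher: str   # Marketplace publisher ID, e.g. "ms-python"
    name: str        # extension name, e.g. "python"
    version: str     # version that was reviewed and approved
    sha256: str      # hex SHA-256 of the reviewed .vsix (constructed here)

    @property
    def ext_id(self) -> str:
        return f"{self.publisher}.{self.name}"


@dataclass(frozen=True)
class Finding:
    ext_id: str
    kind: str    # "name-reuse", "unpinned" or "version-drift"
    detail: str


def vsix_sha256(data: bytes) -> str:
    """SHA-256 of a VSIX package's bytes (read the file in binary mode)."""
    return hashlib.sha256(data).hexdigest()


def verify_vsix(data: bytes, pin: Pin) -> bool:
    """Constant-time comparison of a package hash against the pinned hash."""
    return hmac.compare_digest(vsix_sha256(data), pin.sha256)


# Constructed allowlist: hypothetical approved extensions and VSIX hashes.
# Pinning by publisher.name (not by name alone) is what makes name reuse visible.
ALLOWLIST = {p.ext_id: p for p in [
    Pin("ms-python", "python", "2024.0.0", vsix_sha256(b"constructed vsix A")),
    Pin("acme", "toolkit", "1.2.3", vsix_sha256(b"constructed vsix B")),
    Pin("esbenp", "prettier-vscode", "10.0.0", vsix_sha256(b"constructed vsix C")),
]}

# Constructed stand-in for `code --list-extensions --show-versions` output.
SAMPLE_LISTING = [
    "ms-python.python@2024.0.0",       # pinned, matches
    "esbenp.prettier-vscode@10.1.0",   # pinned, but version differs
    "acme-dev.toolkit@1.2.3",          # same name, different publisher
    "ahbanC.shiba@1.0.0",              # not on the allowlist at all
]


def parse_listing(lines):
    """Yield (publisher, name, version) from `publisher.name@version` lines.

    Publisher IDs and extension names cannot contain '.', so the first '.'
    separates them; the version may contain '.', so split on the last '@'.
    """
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        ext_id, _, version = line.rpartition("@")
        if not ext_id:               # listing produced without --show-versions
            ext_id, version = version, ""
        publisher, _, name = ext_id.partition(".")
        yield publisher, name, version


def audit(lines, allowlist=ALLOWLIST):
    """Compare an installed-extension listing with the pinned allowlist."""
    by_name = {p.name: p for p in allowlist.values()}
    findings = []
    for publisher, name, version in parse_listing(lines):
        ext_id = f"{publisher}.{name}"
        pin = allowlist.get(ext_id)
        if pin is None:
            known = by_name.get(name)
            if known is not None:
                # A pinned name under a new publisher is the ahban/ahbanC pattern.
                findings.append(Finding(ext_id, "name-reuse",
                                        f"name {name!r} is pinned to publisher {known.publisher!r}"))
            else:
                findings.append(Finding(ext_id, "unpinned", "not on allowlist"))
        elif pin.version != version:
            findings.append(Finding(ext_id, "version-drift",
                                    f"installed {version}, pinned {pin.version}"))
    return findings


def installed_extensions():
    """Real listing from the local VS Code CLI (not used by the offline demo)."""
    out = subprocess.run(["code", "--list-extensions", "--show-versions"],
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


if __name__ == "__main__":
    for f in audit(SAMPLE_LISTING):
        print(f"{f.kind:14} {f.ext_id}: {f.detail}")
```

Run it as-is to see the three findings from the constructed listing; replace `SAMPLE_LISTING` with `installed_extensions()` to audit a real machine. Note that the hash check only proves a VSIX is the one you reviewed; it says nothing about whether the Marketplace copy under the same name today is that package, which is exactly why the publisher ID must be part of the pin.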