Fake news headline. There is no virus installed on millions of computer.
An extension typosquatting an extension with million of install managed to be installed a few hundred of times.I believe they’re referring to lower down in the article, where the researchers analyzed existing extensions on the marketplace:
After the successful experiment, the researchers decided to dive into the threat landscape of the VSCode Marketplace, using a custom tool they developed named ‘ExtensionTotal’ to find high-risk extensions, unpack them, and scrutinize suspicious code snippets.
Through this process, they have found the following:
- 1,283 with known malicious code (229 million installs).
- 8,161 communicating with hardcoded IP addresses.
- 1,452 running unknown executables.
- 2,304 that are using another publisher’s Github repo, indicating they are a copycat.
If you look at the code of one of the “malicious code”, it hit a … local IP, not a remote one.
Does that mean the hacker is in my room??