Fake VS Code Alerts Spreading Malware to Developers Exposed on GitHub


Security Scammers Use Fake Visual Studio Code Alerts to Spread Malware to Developers

A large-scale phishing campaign is targeting developers on GitHub, spreading malware through fake security alerts posted in the Discussions section of various projects.

The Scam:

These scam posts appear as vulnerability advisories, complete with realistic titles, fake CVE IDs, and urgent language, often impersonating real code maintainers or researchers.

According to Socket, the application security company that discovered the campaign, “the goal of the scammers is to trick users into installing malware by presenting them with supposedly patched versions of impacted Visual Studio Code extensions hosted on external services like Google Drive.”

The Impact:

The campaign posted spam messages across thousands of repositories within a short period. Each post triggers notifications to a large number of tagged users and followers, who may then click the links provided in the alerts and install the malicious software.

What You Can Do:

When encountering suspicious security alerts, developers should verify vulnerability identifiers in authoritative sources, such as the National Vulnerability Database (NVD), CISA’s catalog of Known Exploited Vulnerabilities, or MITRE’s website for the Common Vulnerabilities and Exposures program.
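The checks described above can be scripted for triaging a Discussions notification. The following is an added example, not code from Socket or GitHub; the trusted-host list, the urgency keywords, the sample alert text and the `cve_exists` lookup (a stand-in for a query against NVD or the CVE program's records) are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s)>\]\"']+")
# Assumption: hosts where a genuine VS Code extension update would be published.
TRUSTED_HOSTS = {"marketplace.visualstudio.com", "github.com"}
# Assumption: a small keyword list standing in for "urgent language".
URGENT = ("immediately", "urgent", "update now")

# Constructed sample alert; the CVE ID and the link are placeholders.
SAMPLE_ALERT = """Severe vulnerability, update immediately.
CVE-2099-00001 affects this Visual Studio Code extension.
Install the patched version: https://drive.google.com/file/d/EXAMPLE/view
"""
# Stand-in for an authoritative lookup; holds one real, published identifier.
KNOWN_CVES = {"CVE-2014-0160"}


def triage_alert(text, cve_exists):
    """Return a list of findings for one alert.

    cve_exists(cve_id) -> bool is supplied by the caller and should consult
    an authoritative source such as NVD, CISA KEV or the CVE program.
    """
    findings = []
    cves = sorted({f"CVE-{year}-{num}" for year, num in CVE_RE.findall(text)})
    if not cves:
        findings.append("no CVE identifier cited")
    for cve in cves:
        if not cve_exists(cve):
            findings.append(f"{cve} not found in authoritative source")
    for url in URL_RE.findall(text):
        host = (urlparse(url.rstrip(".,")).hostname or "").lower()
        if host not in TRUSTED_HOSTS:
            findings.append(f"download link on external host: {host}")
    if any(word in text.lower() for word in URGENT):
        findings.append("urgent language")
    return findings


if __name__ == "__main__":
    for finding in triage_alert(SAMPLE_ALERT, lambda c: c in KNOWN_CVES):
        print(finding)
```

An empty result does not make an alert genuine; it only means none of these specific signals fired.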

Conclusion:

The recent campaign highlights the importance of being cautious when dealing with security alerts, especially those originating from unfamiliar sources.


