
Compromised VS Code Extension Steals Credentials
TL;DR: A compromised version of the popular Nx Console extension (v18.95.0) was published on the VS Code Marketplace. The malicious version, installed by developers, contained a credential stealer. The extension, with over 2.2 million installations, poses a significant risk to affected users and their organizations.
Key facts
- Category: Cybersecurity
- Impact: Low
- Published
- Source: The Hacker News
Full summary
A compromised version of the popular Nx Console extension for VS Code was found to contain a credential stealer, affecting its large user base.
Security researchers have identified a malicious version of the widely used Nx Console extension on the official Microsoft Visual Studio Code (VS Code) Marketplace. The compromised version, specifically 18.95.0 of the extension identified as rwl.angular-console, was found to contain a credential stealer. Nx Console is a popular user interface plugin for various code editors, including VS Code, Cursor, and JetBrains, and the VS Code extension alone boasts over 2.2 million installations. The malicious code was embedded within what appeared to be a legitimate update, tricking developers into installing a tool designed to steal their sensitive information.
This incident poses a significant security risk, as developers' machines are gateways to critical company assets. Stolen credentials can grant attackers access to source code repositories, cloud infrastructure accounts, internal networks, and other sensitive systems. The large installation base of Nx Console means the potential impact is widespread, affecting everyone from individual developers to large enterprise teams. This attack underscores the growing trend of supply chain attacks targeting the software development lifecycle, where trusted tools are weaponized. It highlights the vulnerability of even official and popular extensions within widely used development environments.
Why it matters
This attack targets developers directly, turning a trusted tool into a credential stealer. Stolen developer credentials can provide attackers with deep access to source code, cloud infrastructure, and other critical company assets, leading to major security breaches.
Business impact
A breach originating from a compromised developer tool can lead to intellectual property theft, data exfiltration, and costly system downtime. It damages company reputation and customer trust, and can result in significant financial losses from incident response and recovery efforts.
⚡ Action needed
Developers using the Nx Console VS Code extension must immediately check if they have version 18.95.0 installed. If this version is present, it should be removed, and all potentially compromised credentials should be rotated.
Action checklist
1. Check your Nx Console extension version in VS Code.
2. If you have version 18.95.0, uninstall it immediately.
3. Update to the latest, safe version of the extension once available.
4. Rotate all credentials stored locally, including API keys, SSH keys, and cloud service passwords.
5. Review recent activity on your accounts for any signs of unauthorized access.
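The version check in the first two checklist steps can be scripted across a fleet. The following is an added example, not code from the article or the Nx project: the extension ID and version are the ones named above, while the per-user extension folder paths and the `<publisher>.<name>-<version>` folder naming are assumptions about default installs.

```shell
#!/bin/sh
# Added example. EXT_ID and BAD_VERSION are the values the article names.
EXT_ID="rwl.angular-console"
BAD_VERSION="18.95.0"

# Reads "publisher.name@version" lines on stdin, the format printed by
# `code --list-extensions --show-versions`. Returns 1 if the bad build is listed.
check_listing() {
  cl_status=0
  while IFS= read -r cl_line || [ -n "$cl_line" ]; do
    cl_line=$(printf '%s' "$cl_line" | tr -d '\r')   # tolerate CRLF output
    cl_id=$(printf '%s' "${cl_line%@*}" | tr '[:upper:]' '[:lower:]')
    [ "$cl_id" = "$EXT_ID" ] || continue
    if [ "${cl_line##*@}" = "$BAD_VERSION" ]; then
      echo "COMPROMISED: $cl_line"; cl_status=1
    else
      echo "ok: $cl_line"
    fi
  done
  return "$cl_status"
}

# Looks in one extensions directory for an unpacked copy of the bad build,
# with or without a platform suffix. Returns 1 if found.
check_dir() {
  cd_status=0
  for cd_hit in "$1"/"$EXT_ID-$BAD_VERSION" "$1"/"$EXT_ID-$BAD_VERSION"-*; do
    [ -d "$cd_hit" ] || continue
    echo "COMPROMISED (on disk): $cd_hit"; cd_status=1
  done
  return "$cd_status"
}

# Checks the CLI listing (if `code` is on PATH) and the assumed default
# extension folders for VS Code, VS Code remote/WSL hosts, and Cursor.
scan_host() {
  sh_status=0
  if command -v code >/dev/null 2>&1; then
    code --list-extensions --show-versions | check_listing || sh_status=1
  fi
  for sh_dir in "${HOME:-}/.vscode/extensions" \
                "${HOME:-}/.vscode-server/extensions" \
                "${HOME:-}/.cursor/extensions"; do
    check_dir "$sh_dir" || sh_status=1
  done
  [ "$sh_status" -eq 0 ] && echo "version $BAD_VERSION of $EXT_ID not found"
  return "$sh_status"
}

if [ "${1:-}" = "--scan" ]; then scan_host; fi
```

Run it with `--scan`; a non-zero exit means the host needs the uninstall and credential-rotation steps. A clean result only shows the version is not installed now, so hosts that ever had it still need rotation.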
Primary source: The Hacker News