Actually malicious extension only had 250 downloads, 45k installs extension was ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ianzakalwe on May 22, 2023 \| parent \| context \| favorite \| on: Malicious VSCode extensions with more than 45k ins... Actually malicious extension only had 250 downloads, 45k installs extension was sending telemetry only. It’s a very misleading title collapsing two separate incidents into one for the sake of dramatization. This article also highlighted that automated tools used by VS team are pretty good at catching most of similar issues.

newaccount74 on May 23, 2023 [–]

Tracking your host name is not telemetry, it's definitely spyware.

cywick on May 23, 2023 | | [–]

Exactly. Typically, exfiltrating this kind of information is only the first step. Once enough high value targets are caught in this net, the actual malware is deployed.

scotty79 on May 23, 2023 | | [–]

Still, it's not nearly on the same level as exfiltrating secrets.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact