
Taking Down More Malicious VSCode Extensions in the ‘Prettier’ Campaign

ID: 5a85d500-ba34-5c64-b452-a6f5d145dbf7

STIX ID: report--5a85d500-ba34-5c64-b452-a6f5d145dbf7

Feed Name: Checkmarx Zero

Threat Score: 50/100

Date Published: 2025-12-05

Date Updated: 2026-04-27

Author: Darren Meyer


Checkmarx Zero reported a campaign of malicious VSCode extensions that impersonate legitimate packages to gain adoption. The attackers used brandjacking and artificially inflated install counts to make the extensions appear legitimate. Multiple malicious packages targeting known extensions were identified and removed from the VSCode and Open VSX marketplaces, having received very few downloads. Although these extensions contained no payload at the time of discovery, the actors may push malicious updates later.
