A massive supply chain attack has targeted the Visual Studio Code Marketplace. Attackers uploaded a fake version of the popular “Prettier” code formatter, which was downloaded by thousands of developers. The extension delivers the “Anivia Stealer” malware to exfiltrate login credentials, API keys, and crypto wallets.
Business Impact
This is a direct hit on the software supply chain. Compromised developer workstations allow attackers to steal cloud credentials (AWS/Azure keys), inject malicious code into corporate products, and bypass perimeter defenses. The impact can extend to customers if the malware reaches production builds.
Why It Happened
Attackers used “typosquatting” and manipulated search rankings to trick developers into installing the fake extension instead of the legitimate one. The VS Code Marketplace lacks the strict vetting processes found in mobile app stores.
Recommended Executive Action
Direct your DevOps/Engineering leads to audit all installed VS Code extensions immediately. Block the installation of unapproved extensions and consider using a private extension marketplace or strict allow-lists for development environments.
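As a concrete starting point for that audit, the following script is an added example (not part of the original post, and not tooling from the Prettier project or the VS Code Marketplace). It reads the output of `code --list-extensions --show-versions`, compares every installed extension id against an allow-list, and flags three things a typosquat like the one described above would trip: an extension whose name matches an approved one but whose publisher differs, an id that closely resembles an approved id, and anything simply not on the list. The allow-list entries and the sample inventory are assumptions constructed for the example; confirm each approved id against your own records before using it.

```python
"""Audit installed VS Code extensions against an allow-list.

Input format is the output of `code --list-extensions --show-versions`:
one `publisher.name@version` per line. The SAMPLE below is constructed
for this example and does not describe any real installation.
"""
from __future__ import annotations

import difflib
import subprocess
from dataclasses import dataclass

# Assumed allow-list of approved `publisher.name` ids (assumption for this
# example; replace with your organisation's approved set). The Prettier entry
# uses the publisher id of the official extension, which is what the
# publisher check below relies on; verify it against your own list.
ALLOWED = {
    "esbenp.prettier-vscode",
    "ms-python.python",
    "dbaeumer.vscode-eslint",
}


@dataclass
class Finding:
    ext_id: str
    version: str
    reason: str


def parse_extension_list(text: str) -> dict[str, str]:
    """Parse `publisher.name@version` lines into {id: version} (ids lowercased)."""
    installed: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ext_id, _, version = line.partition("@")
        installed[ext_id.lower()] = version or "unknown"
    return installed


def audit(installed: dict[str, str], allowed: set[str] = ALLOWED) -> list[Finding]:
    """Return one Finding per installed extension that is not approved."""
    allowed_lower = {a.lower() for a in allowed}
    # Map the name part of each approved id back to its full id so that a
    # same-name extension from a different publisher is caught explicitly.
    approved_by_name = {a.split(".", 1)[1]: a for a in allowed_lower}
    findings: list[Finding] = []
    for ext_id, version in installed.items():
        if ext_id in allowed_lower:
            continue
        _publisher, _, name = ext_id.partition(".")
        if name in approved_by_name:
            reason = (f"same name as approved {approved_by_name[name]} "
                      f"but different publisher")
        else:
            # Near-miss ids (one or two characters off an approved id) are the
            # classic typosquat pattern; 0.8 is a conservative similarity cutoff.
            near = difflib.get_close_matches(ext_id, allowed_lower, n=1, cutoff=0.8)
            reason = (f"not approved; resembles {near[0]} (possible typosquat)"
                      if near else "not on allow-list")
        findings.append(Finding(ext_id, version, reason))
    return findings


def installed_from_cli() -> dict[str, str]:
    """Query the local VS Code CLI for the real inventory."""
    out = subprocess.run(
        ["code", "--list-extensions", "--show-versions"],
        capture_output=True, text=True, check=True,
    ).stdout
    return parse_extension_list(out)


# Constructed sample inventory: two look-alikes of the approved Prettier id
# and one unrelated extension, alongside three approved ones.
SAMPLE = """\
esbenp.prettier-vscode@10.4.0
ms-python.python@2024.2.1
example-publisher.prettier-vscode@10.4.0
esbenp.prettier-vscod@10.4.0
dbaeumer.vscode-eslint@3.0.10
totally-unrelated.theme@1.0.0
"""


if __name__ == "__main__":
    import sys
    # Swap SAMPLE for installed_from_cli() to audit the machine this runs on.
    results = audit(parse_extension_list(SAMPLE))
    for f in results:
        print(f"{f.ext_id}@{f.version}: {f.reason}")
    sys.exit(1 if results else 0)
```

Run it as-is to see the three findings from the constructed sample; replace `SAMPLE` with `installed_from_cli()` to audit a real workstation, and wire the non-zero exit code into a login script or endpoint-management check so an unapproved extension is surfaced rather than silently tolerated.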
Hashtags: #SupplyChain #VSCode #DevOps #Malware #AniviaStealer #CyberSecurity #InfoSec #DeveloperSecurity
