A malicious Nx Console add-on, identified as version 18.95.0, has been detected attacking Visual Studio Code developers. This software, which appears legitimate, acts as a credential stealer, extracting sensitive information from infected systems. The campaign exploits trust in productivity tools to infiltrate development environments, reflecting increased sophistication in software supply chain attacks.
Attack mechanism and risks in productivity extensions 🛡️
The fake add-on is distributed through unofficial repositories or channels, imitating the interface and functionality of the legitimate Nx Console. Once installed, it executes code that accesses environment variables, configuration files, and locally stored authentication tokens. Attackers target developers because they often have access to critical systems, private repositories, and cloud services. This type of threat underscores the need to always verify the source of extensions, even those with recognized names.
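One way to check a workstation for the add-on described above, as an added example that is not part of the original article: it reads each installed extension's `package.json` manifest, lists every entry whose name matches Nx Console, and flags version 18.95.0. The publisher is reported so it can be compared against the official listing. The `example-publisher` name, the 18.94.0 entry and the folder names in `demo()` are constructed sample data.

```python
import json
import tempfile
from pathlib import Path

FLAGGED_NAME = "nx console"   # add-on name given in the article
FLAGGED_VERSION = "18.95.0"   # version the article identifies as malicious


def read_manifest(ext_dir):
    """Return the parsed package.json of one extension folder, or None."""
    try:
        data = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
    except (OSError, ValueError):  # missing, unreadable or malformed manifest
        return None
    return data if isinstance(data, dict) else None


def audit_extensions(root):
    """List installed extensions whose manifest name matches the add-on."""
    findings = []
    for ext_dir in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        manifest = read_manifest(ext_dir)
        if manifest is None:
            continue
        label = f"{manifest.get('displayName', '')} {manifest.get('name', '')}"
        if FLAGGED_NAME not in label.lower().replace("-", " "):
            continue
        version = str(manifest.get("version", "<missing>"))
        findings.append({"folder": ext_dir.name,
                         "publisher": str(manifest.get("publisher", "<missing>")),
                         "version": version,
                         "flagged": version == FLAGGED_VERSION})
    return findings


def demo():
    """Run the audit over a constructed extensions folder (sample data)."""
    samples = [("nx-console", "Nx Console", "18.95.0"),
               ("nx-console", "Nx Console", "18.94.0"),
               ("sample-theme", "Sample Theme", "1.0.0")]
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, display, version in samples:
            folder = root / f"example-publisher.{name}-{version}"
            folder.mkdir()
            manifest = {"name": name, "displayName": display,
                        "publisher": "example-publisher", "version": version}
            (folder / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
        (root / "broken.ext-0.0.1").mkdir()  # constructed folder with no manifest
        return audit_extensions(root)
```

On a standard desktop install, call `audit_extensions(Path.home() / ".vscode" / "extensions")`; a name match with an unexpected publisher deserves a closer look even when the version is not the flagged one.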
When the extension steals more than just your time 😅
Because, of course, it wasn't enough that VS Code extensions consume memory like it's free; now they also take your credentials as a souvenir. The fake Nx Console add-on is the digital equivalent of that colleague who lends you their charger and then clones your credit card. If you used to double-check your code, now you need to triple-check the plugin name before installing it. At least this thief is honest: it doesn't pretend to improve your productivity, just to drain your accounts.