
Ethical Hacking News

A Growing Concern: The Rise of Supply Chain Attacks via Malicious Open-Source Software


A growing number of supply chain attacks are targeting open-source software ecosystems, leaving millions of developers vulnerable to malicious code. The latest example is the compromise of a popular VS Code extension called Ethcode, which has been installed over 6,000 times. As threats escalate, it's essential for developers and experts to work together to develop effective countermeasures against supply chain attacks.

  • The world of cybersecurity is facing a growing concern with supply chain attacks targeting open-source software, leaving millions of developers vulnerable.
  • A recent example of such an attack compromised a popular VS Code extension called Ethcode, which has been installed over 6,000 times.
  • Threat actors are exploiting the trust in open-source ecosystems to carry out supply chain compromises, including downloading and distributing malicious code.
  • According to ReversingLabs, this is part of a broader trend where attackers are weaponizing public repositories like PyPI and npm to deliver malware directly into developer environments.
  • Data compiled by Sonatype reveals that 16,279 pieces of open-source malware have been discovered in the second quarter of 2025 alone, a 188% jump year-over-year.
  • 107 malicious packages, collectively downloaded over 30,000 times, have been attributed to the Lazarus Group.



    The world of cybersecurity is constantly evolving, and one of the most pressing concerns today is the rise of supply chain attacks. These attacks target not only individual software applications but also entire ecosystems of open-source software, leaving millions of developers vulnerable to malicious code. The latest example of such an attack is the compromise of a popular VS Code extension called Ethcode, which has been installed over 6,000 times.

    The compromise began when a user named Airez299 opened a pull request on GitHub with a message claiming to have added new testing framework features and updated dependencies. Unbeknownst to the maintainers, this was a ruse to introduce malicious code into the extension. ReversingLabs, a supply chain security company, found that the pull request comprised 43 commits and approximately 4,000 lines of changes to the codebase, compromising the entire extension.

    The malicious code added by Airez299 included an npm dependency called "keythereum-utils" in the project's package.json file. This library was heavily obfuscated and contained code to download a second-stage payload. The package has been downloaded 495 times, making it a potential vector for further attacks.

    The attack highlights the growing sophistication of threat actors who are increasingly exploiting the trust in open-source ecosystems to carry out supply chain compromises. According to ReversingLabs, this is part of a broader trend where attackers are weaponizing public repositories like PyPI and npm to deliver malware directly into developer environments.

    This incident is not an isolated case. Data compiled by Sonatype reveals that 16,279 pieces of open-source malware have been discovered in the second quarter of 2025 alone, a 188% jump year-over-year. Of these, more than 4,400 malicious packages were engineered to harvest and exfiltrate sensitive information such as credentials and API tokens.

    The Lazarus Group, a North Korea-linked threat actor, has been linked to 107 malicious packages that have collectively been downloaded over 30,000 times. Another set of more than 90 npm packages has been associated with a Chinese threat cluster dubbed Yeshen-Asia, active since at least December 2024, that harvests system information and the list of running processes.

    The attacks are not limited to cryptocurrency theft or contract sabotage. Some malicious extensions have also been found to redirect users to gambling sites, serve bogus Apple virus alerts, and track users by injecting invisible tracking iframes that contain unique identifiers.

    The rise of supply chain attacks is a growing concern that highlights the need for improved security measures in open-source ecosystems. As developers rely on trusted third-party libraries and tools, it is essential to ensure that these components are thoroughly vetted and monitored for any signs of malicious activity.

    In response to this threat, cybersecurity researchers and experts are urging developers to adopt more stringent security practices when using open-source software. This includes regular updates and maintenance of dependencies, as well as careful scrutiny of pull requests and code changes before they are merged into the main codebase.

    Furthermore, the development of more effective tools and technologies is necessary to detect and prevent supply chain attacks. Security experts are exploring new approaches such as automated scanning and monitoring of open-source repositories, as well as AI-powered detection systems that can identify suspicious patterns and anomalies in codebases.
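    As an added illustration of the pull-request scrutiny and automated scanning the article calls for (example code written for this page, not the article's or ReversingLabs' tooling): a small Python check that diffs the dependency sections of a pull request's package.json against the base branch and blocks the merge when a dependency was added without approval or is fetched from outside the registry. The package names, version numbers and the allowlist are constructed assumptions.

```python
# Added example (not the article's or ReversingLabs' code): a CI-style gate that
# diffs a pull request's package.json dependency sections against the base
# branch. The two manifests below are constructed, not the real Ethcode files.
import json

DEP_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")
# Specifiers that bypass the registry entirely (git/URL/local tarballs).
NON_REGISTRY_PREFIXES = ("git", "http", "file:")


def diff_dependencies(base_json: str, head_json: str) -> dict:
    """Return added/removed/changed deps keyed as 'section:name'."""
    base, head = json.loads(base_json), json.loads(head_json)
    report = {"added": {}, "removed": {}, "changed": {}, "non_registry": {}}
    for section in DEP_SECTIONS:
        old, new = base.get(section, {}), head.get(section, {})
        for name, spec in new.items():
            key = f"{section}:{name}"
            if name not in old:
                report["added"][key] = spec          # new package: review before merge
            elif old[name] != spec:
                report["changed"][key] = (old[name], spec)
            if spec.startswith(NON_REGISTRY_PREFIXES):
                report["non_registry"][key] = spec   # fetched from outside the registry
        for name, spec in old.items():
            if name not in new:
                report["removed"][f"{section}:{name}"] = spec
    return report

def should_block_merge(report: dict, allowlist=frozenset()) -> bool:
    """Block if the PR adds a dependency nobody approved, or pulls from a non-registry source."""
    unapproved = {k for k in report["added"] if k.split(":", 1)[1] not in allowlist}
    return bool(unapproved or report["non_registry"])

# Constructed manifests: the PR bumps one package and quietly adds another.
BASE_PACKAGE_JSON = json.dumps({
    "name": "example-extension",
    "dependencies": {"ethers": "^5.7.0"},
    "devDependencies": {"mocha": "^10.0.0"},
})
HEAD_PACKAGE_JSON = json.dumps({
    "name": "example-extension",
    "dependencies": {"ethers": "^5.7.2", "keythereum-utils": "^1.0.0"},
    "devDependencies": {"mocha": "^10.0.0", "chai": "git+https://example.invalid/chai.git"},
})

if __name__ == "__main__":
    report = diff_dependencies(BASE_PACKAGE_JSON, HEAD_PACKAGE_JSON)
    print(json.dumps(report, indent=2), "block merge:", should_block_merge(report, {"chai"}))
```

    In a real pipeline the two manifests would come from the base and head commits of the pull request, and a hit on the report should trigger a human review rather than an automatic merge.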

    In conclusion, the recent compromise of Ethcode highlights the need for greater awareness and vigilance when it comes to supply chain security. As the threat landscape continues to evolve, it is essential that developers, researchers, and experts work together to develop and implement effective countermeasures against these types of attacks.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Growing-Concern-The-Rise-of-Supply-Chain-Attacks-via-Malicious-Open-Source-Software-ehn.shtml

  • https://thehackernews.com/2025/07/malicious-pull-request-infects-6000.html


  • Published: Tue Jul 8 10:12:32 2025 by llama3.2 3B Q4_K_M