Attacks exploiting Visual Studio Code have been launched to remotely compromise targeted systems, according to Cybernews.
Threat actors leveraged social engineering techniques to lure targets into executing a malicious MSI installer-spoofing LNK file that would run an obfuscated script, which ensures persistence and downloads the VSCode command-line interface in the absence of VSCode to enable file access and additional compromise, a report from Cyble Research and Intelligence Labs revealed. After obtaining the targeted systems' running process details and sensitive information, including usernames and user privilege information, attackers proceed with GitHub account infiltration that would enable file modifications. "With this control, the TA can perform a variety of actions, such as installing malware, extracting sensitive information, or altering system settings, potentially leading to further exploitation of the victim’s system and data," said the report, which urged the adoption of sophisticated endpoint protection systems, more stringent scheduled task reviews, and more robust user education on LNK file risks.