😲 Developers Shocked. Microsoft Disabled VSCode Theme On 3 Million Devices

Mattia Astorino is a developer of one of the most popular themes for VSCode. Solely one among other of his extensions had 3 million users. It is a theme for VSCode called Material Theme —Free.

Just as a reminder, most of the extensions for VSCode are developed for free by people like Mattia.

This article is brought to you by probably the last human tech editor — Tom Smykowski

Two days ago, Amir Assaraf wrote that the theme contains malicious code.

He wrote:

A deep analysis concluded that hiding inside it’s codebase are multiple red flags indicating malicious intent, since reported this extension was pulled from the VSCode marketplace, but it had enough time to expose ~4 million developers and countless organizations. The malicious code seems to be inside a dependency of the theme, which was compromised.

So what we learn Amir did a deep analysis of the theme and found malicious code and reported it to Microsoft.

I was interested to see what was actually the malicious code, but the article only contained link to Amir’s tool called ExtensionTotal page that doesn’t explain it, only shows: