Summary

A compromised version of the Nx Console extension, version 18.95.0, was identified in the Microsoft Visual Studio Code (VS Code) Marketplace. This version contained a credential stealer targeting developers using VS Code and other code editors.

Key Points

• The compromised extension is named rwl.angular-console, specifically version 18.95.0.
• This extension is a popular tool with over 2.2 million installations.
• It is used as a user interface and plugin for code editors such as VS Code, Cursor, and JetBrains.
• The extension was flagged by cybersecurity researchers for containing a credential stealer.
• The issue affects developers who have installed this specific version from the VS Code Marketplace.

Analysis

The presence of a credential stealer in a widely used extension like Nx Console poses a significant security threat to developers and organizations relying on VS Code. With over 2.2 million installations, the potential impact is substantial, highlighting the need for vigilance in monitoring and managing extensions within development environments.

Conclusion

IT professionals should immediately check for and remove the compromised version 18.95.0 of the Nx Console extension from their systems. Regular audits of installed extensions and keeping them updated to secure versions are recommended to mitigate such risks.