Two-Line Code Injection in Compromised VS Code Extension Triggers Supply Chain Attack
Posted: Sun Jul 13, 2025 2:54 pm
ReversingLabs (RL) researchers have uncovered a surge in malicious packages targeting cryptocurrency users and developers.
Notably, RL’s Karlo Zanki reported on PyPI packages designed to infiltrate the Solana ecosystem, while Lucija Valentić exposed npm packages that steal crypto funds by injecting code into legitimate local packages.
https://cyberpress.org/two-line-code-in ... extension/
Notably, RL’s Karlo Zanki reported on PyPI packages designed to infiltrate the Solana ecosystem, while Lucija Valentić exposed npm packages that steal crypto funds by injecting code into legitimate local packages.
https://cyberpress.org/two-line-code-in ... extension/