SlowMist CISO: Supply chain attacks targeting developers are rampant, beware of suspicious VSCode plugins
2025-04-21 11:55
Odaily News: 23pds, Chief Information Security Officer of SlowMist Technology, reposted a warning from X platform user @mrdotparasyte urging developers to be vigilant when installing third-party plugins or packages. There is currently a suspicious VSCode plugin named JuanFranBlanco.solidit-vscode, and the "solidit" in the plugin identifier is an obvious typo. The plugin has been available for two or three days, and it is not clear how many developers have been accidentally "hit". Supply chain attacks against developers are becoming increasingly rampant, and VSCode plugins and npm packages that have not been officially reviewed have become the hardest-hit areas for such attacks.
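
One way to act on this warning, as an added example that is not from SlowMist or the original post: the Python below flags installed extension identifiers that are near-misses of identifiers a team has already vetted. The trusted list (including the assumption that JuanBlanco.solidity is the extension being imitated), the sample input and the 0.8 similarity threshold are assumptions; in practice the installed list would come from `code --list-extensions`.

```python
import re
from difflib import SequenceMatcher

# Assumption: identifiers the team has vetted. "JuanBlanco.solidity" is assumed
# here to be the extension being imitated; confirm it on the Marketplace.
TRUSTED = ["JuanBlanco.solidity"]

# Constructed sample of `code --list-extensions` output; the second entry is
# the suspicious identifier named in the article.
INSTALLED = [
    "ms-python.python",
    "JuanFranBlanco.solidit-vscode",
    "examplecorp.solidity-helper",  # constructed: exact keyword, not a typo
]

def near_miss(a, b, threshold=0.8):
    """True when a and b are similar but not identical."""
    return a != b and SequenceMatcher(None, a, b).ratio() >= threshold

def split_id(ext_id):
    """Split 'publisher.name' into (publisher, [name tokens]), lowercased."""
    publisher, _, name = ext_id.lower().partition(".")
    return publisher, [t for t in re.split(r"[-_.]", name) if t]

def find_lookalikes(installed, trusted, threshold=0.8):
    """Return (installed_id, trusted_id, reasons) for each lookalike found."""
    trusted_ids = {t.lower() for t in trusted}
    findings = []
    for ext in installed:
        if ext.lower() in trusted_ids:
            continue  # exact match with a vetted identifier
        pub, tokens = split_id(ext)
        for good in trusted:
            good_pub, good_tokens = split_id(good)
            reasons = []
            if near_miss(pub, good_pub, threshold):
                reasons.append(f"publisher '{pub}' resembles '{good_pub}'")
            for tok in tokens:
                for good_tok in good_tokens:
                    if near_miss(tok, good_tok, threshold):
                        reasons.append(f"name token '{tok}' resembles '{good_tok}'")
            if reasons:
                findings.append((ext, good, reasons))
    return findings

if __name__ == "__main__":
    for ext, good, reasons in find_lookalikes(INSTALLED, TRUSTED):
        print(f"REVIEW {ext} (looks like {good}): " + "; ".join(reasons))
```

A hit means the extension needs manual review of its publisher and Marketplace page before it stays installed; the check does not catch a copy that reuses the exact name under an unrelated publisher.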
