A supply chain attack targeted the Ethcode extension in Visual Studio Code, which has been installed over 6,000 times. The attack was carried out through a GitHub pull request opened by a user named Airez299, who claimed to modernize the codebase. However, the user included malicious code that added an npm dependency called keythereum-utils, which has since been removed from the npm registry. This library downloads an unknown second-stage payload, jeopardizing the extension's security and its users.
The GitHub project received its last non-malicious update on September 6, 2024, before a malicious pull request was opened on June 17, 2025.
The GitHub pull request claimed to add a new testing framework with Mocha integration and contract testing features, but it also introduced the malicious dependency alongside those changes.
The compromised extension Ethcode, used to deploy Solidity smart contracts, had been installed over 6,000 times and was targeted in a supply chain attack.
The obfuscated JavaScript library keythereum-utils, now removed from the npm registry, was found to contain code for downloading an unknown second-stage payload.
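The pattern described above (a pull request that adds a single unfamiliar npm dependency under cover of an otherwise plausible change) is exactly what a dependency-diff check in code review or CI is meant to surface. The following is an added example, not code from the Ethcode project or from the article: it compares the `package.json` before and after a pull request and flags every newly added dependency that is not on a reviewer allowlist, together with any new install-time lifecycle script. The manifests are constructed; the dependency name `keythereum-utils` is the one named in the article, but its version spec, the `chai` and `ethers` entries and the `postinstall` script are assumptions made up for the example (the article does not say how the payload download was triggered).

```python
import json

# Constructed sample manifests (not from the Ethcode repository): the state
# before a pull request and the state after it. The PR adds a test library
# (chai), a new runtime dependency (keythereum-utils) and a postinstall hook.
BEFORE = json.dumps({
    "name": "example-extension",
    "version": "1.0.0",
    "dependencies": {"ethers": "^5.7.0"},
    "devDependencies": {"mocha": "^10.0.0"},
})
AFTER = json.dumps({
    "name": "example-extension",
    "version": "1.0.1",
    "dependencies": {"ethers": "^5.7.0", "keythereum-utils": "^1.0.0"},
    "devDependencies": {"mocha": "^10.0.0", "chai": "^4.3.0"},
    "scripts": {"postinstall": "node setup.js"},
})

DEP_FIELDS = ("dependencies", "devDependencies",
              "optionalDependencies", "peerDependencies")
# npm runs these scripts automatically during `npm install`, so a new one
# deserves the same scrutiny as a new dependency.
LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")


def dependency_changes(before_text, after_text):
    """Diff two package.json documents.

    Returns a dict with:
      added    -> {name: (field, spec)} for dependencies absent before the PR
      changed  -> {name: (field, old_spec, new_spec)} for changed version specs
      lifecycle-> {script: command} for install-time scripts added or altered
    """
    before = json.loads(before_text)
    after = json.loads(after_text)
    added, changed = {}, {}
    for field in DEP_FIELDS:
        old = before.get(field, {})
        new = after.get(field, {})
        for name, spec in new.items():
            if name not in old:
                added[name] = (field, spec)
            elif old[name] != spec:
                changed[name] = (field, old[name], spec)
    old_scripts = before.get("scripts", {})
    new_scripts = after.get("scripts", {})
    lifecycle = {k: v for k, v in new_scripts.items()
                 if k in LIFECYCLE and old_scripts.get(k) != v}
    return {"added": added, "changed": changed, "lifecycle": lifecycle}


def review_findings(changes, allowlist=frozenset()):
    """Turn the diff into review flags.

    Every added dependency outside the allowlist is flagged for manual
    verification (publisher, package age, what it does at install time);
    version changes and new lifecycle scripts are always reported.
    """
    findings = []
    for name, (field, spec) in sorted(changes["added"].items()):
        if name not in allowlist:
            findings.append(
                f"NEW DEPENDENCY {name}@{spec} in {field}: verify publisher, "
                f"package age and install-time behaviour before merging")
    for name, (field, old, new) in sorted(changes["changed"].items()):
        findings.append(f"VERSION CHANGE {name}: {old} -> {new} in {field}")
    for script, cmd in sorted(changes["lifecycle"].items()):
        findings.append(
            f"LIFECYCLE SCRIPT {script}: '{cmd}' runs during npm install; "
            f"review its contents")
    return findings


if __name__ == "__main__":
    # "chai" is pre-approved by the reviewers in this constructed scenario.
    for line in review_findings(dependency_changes(BEFORE, AFTER),
                                allowlist={"chai"}):
        print(line)
```

Run against the constructed manifests, the check reports the unapproved `keythereum-utils` addition and the new `postinstall` script while staying silent about the allowlisted `chai`; in a real pipeline the two inputs would be the base and head versions of `package.json` from the pull request, and the lock file should be diffed the same way, since transitive additions do not appear in the manifest.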