Ouch: critical supply chain attack in one of the most popular VS Code Extensions (2.2M installs)
urbandw311er•43m ago
I was bitten by this today - the payload dropped a Python C2 backdoor and LaunchAgent. (fortunately, it failed to run due to failed dependencies...)
Incidentally, my local install was almost 2 hours after the maintainers claim they pulled it from the marketplace so the real-world exposure window appears to have been substantially longer than 11 minutes.
`2026-05-18 16:34:11.092 [info] Extracted extension to .../nrwl.angular-console-18.95.0`
urbandw311er•38m ago
Incidentally, this is one of the first times where an LLM was genuinely useful in helping me quarantine & identify the issue with a degree of certainty.
If you want further information on how the attack was obfuscated & executed, I posted in the nx-console Issues board [here](https://github.com/nrwl/nx-console/issues/3140) - (apols for the LLM-assisted post, as you would imagine I was in something of a hurry to report it)
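A triage sketch for the situation described in the comments above, added here as an example and not taken from the thread, the nx-console project or any advisory: it finds when the version named in the quoted log line was extracted, then lists LaunchAgent plists modified at or after that time for manual review. It assumes the log timestamps are local time and that `~/Library/LaunchAgents` is the directory to check; the function names and sample lines are constructed for illustration.

```python
import re
import sys
from datetime import datetime
from pathlib import Path

# Matches the log line format quoted in the thread, for the version named there.
EXTRACT_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \[info\] "
    r"Extracted extension to .*nrwl\.angular-console-18\.95\.0\s*$"
)

# Constructed sample input: the first line is made up, the second is the
# line quoted in the thread (path elided there as well).
SAMPLE_LOG = [
    "2026-05-18 16:30:02.511 [info] Extracted extension to /Users/dev/.vscode/extensions/example.other-ext-1.2.3",
    "2026-05-18 16:34:11.092 [info] Extracted extension to .../nrwl.angular-console-18.95.0",
]

def extraction_times(log_lines):
    """Return the datetimes at which the affected version was extracted."""
    times = []
    for line in log_lines:
        m = EXTRACT_RE.match(line.strip().strip("`"))
        if m:
            times.append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f"))
    return times

def launch_agents_since(agent_dir, since):
    """Names of .plist files in agent_dir modified at or after `since`.

    Assumption: `since` is a naive local-time datetime, as parsed above.
    The result is a list of leads to inspect by hand, not a verdict.
    """
    d = Path(agent_dir)
    if not d.is_dir():
        return []
    cutoff = since.timestamp()
    return sorted(p.name for p in d.glob("*.plist") if p.stat().st_mtime >= cutoff)

if __name__ == "__main__":
    # Usage: pipe the editor's extension-install log into this script.
    found = extraction_times(sys.stdin)
    for t in found:
        print("affected version extracted at", t)
    if found:
        agents = Path.home() / "Library" / "LaunchAgents"
        for name in launch_agents_since(agents, min(found)):
            print("review:", agents / name)
```

An empty result only means no plist in that directory carries a newer modification time; it does not show the host is clean.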