Sign in Subscribe

Researchers Discover Flaw in Visual Studio Code Marketplace Allowing Attackers to Reuse Names of Previously Deleted Extensions

Researchers Discover Flaw in Visual Studio Code Marketplace Allowing Attackers to Reuse Names of Previously Deleted Extensions

Researchers at ReversingLabs, a software supply chain security firm, have uncovered a flaw in the Visual Studio Code (VS Code) Marketplace that allows attackers to reuse the names of previously deleted extensions.

The vulnerability came to light after the team detected a malicious extension called ahbanC.shiba, which closely resembled two others discovered in March 2025: ahban.shiba and ahban.cychelloworld.

Malicious Extensions and Ransomware Behavior

All three extensions were loaders designed to fetch a PowerShell payload from a remote server. The payload encrypted files in a folder named testShiba on the victim’s desktop and then demanded a ransom in Shiba Inu tokens, directing victims to send funds to an unspecified wallet. Researchers noted that the campaign appears to still be in development.

The discovery of ahbanC.shiba raised suspicion because its name was nearly identical to ahban.shiba, one of the previously flagged extensions.

How Extension Naming Works

Each VS Code extension is identified by a unique ID, which combines the publisher’s name and the extension’s name in the format <publisher>.<name>. According to Microsoft’s documentation, the <name> field must be lowercase, contain no spaces, and remain unique across the marketplace.

This raised an important question: how could the extensions ahban.shiba and ahbanC.shiba share the same name despite these rules?

The researchers determined that once an extension is deleted from the repository, its name can be reused by others. However, this behavior does not apply if the extension is merely unpublished by its original author.

Parallels with PyPI

The team also pointed out similarities with the Python Package Index (PyPI). In 2023, researchers discovered that when a PyPI package is deleted, its project name becomes available to any user—so long as the new distribution’s file names differ from those of the deleted package.

PyPI later introduced an exception: names tied to malicious packages are permanently blocked from reuse. According to ReversingLabs, the VS Code Marketplace lacks such safeguards, leaving it open to name takeover attacks.

A New Threat Vector

“The discovery of this issue demonstrates a new threat: the name of any deleted extension can be reused, and by anyone,” the researchers wrote. “This means that if any legitimate and very popular extension is deleted, its name becomes available for takeover.”

Read next