top of page
perceptive_background_267k.jpg

Fake VS Code alerts on GitHub spread malware to developers

Published:

27 March 2026 at 16:51:52

Alert date:

27 March 2026 at 20:07:04

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Supply Chain & Dependencies, Ransomware & Malware

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code security alerts posted in project Discussion sections. The attackers use these fake alerts to trick developers into downloading malware. This represents a significant supply chain attack vector targeting the developer community through trusted platforms like GitHub. The campaign exploits the trust developers place in VS Code security notifications to deliver malicious payloads.

Technical details

Mitigation steps:

Affected products:

GitHub
Visual Studio Code

Related links:

https://www.bleepingcomputer.com/news/security/fake-vs-code-alerts-on-github-spread-malware-to-developers/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page