Unmasking a VS Code Supply Chain Attack

#1691403: Unmasking a VS Code Supply Chain Attack

Description:	Explore one of the most compelling recent software supply chain attacks targeting the popular VS Code platform. This webinar will dissect the compromise of ETHcode, a trusted Visual Studio Code extension for Ethereum smart contract development with nearly 6,000 installs. Hijacked through a GitHub pull request introducing just two lines of malicious code, ETHcode demonstrates how minimal changes can have devastating impacts. ReversingLabs experts will unpack how automated detection flagged these suspicious changes — missed by human reviewers — and reveal lessons for defending against similar threats. Learn how modern development workflows, reliant on community-driven extensions and auto-updating ecosystems, are becoming high-value targets—and what proactive strategies can help protect your organization. Among other things, the webinar will explore: How the attacker used a fake GitHub account to deliver the payload. Why the malicious changes escaped the notice of human code reviewers. What the obfuscated “keythereum-utils” dependency did, and how it nearly went unnoticed. Best practices for detecting and mitigating similar threats in your CI/CD pipeline. Who should attend: Developers, security engineers, and project maintainers who rely on open source ecosystems. You’ll learn how minimal changes can introduce maximum risk — and which proactive strategies can keep your organization safe. Register now. *Live attendees will receive an attendance certificate to be used towards CPE credits.
More info:	https://www.reversinglabs.com/webinar/unmasking-a-vs-code-supply-chain-attack?utm_campaign=This%20Week%20in%20ReversingLabs&utm_source=hs_email&utm_medium=email&utm_content=370596677&_hsenc=p2ANqtz-_w57kulVQY13RPpDz8-AtAD6RAlm9Xedudj-rUBQnLrjKTPJ5O85w-lxdYvQkrKoJQcm3GWebVWjmbRqm6VxBE36UWiw

Description:

Explore one of the most compelling recent software supply chain attacks targeting the popular VS Code platform. This webinar will dissect the compromise of ETHcode, a trusted Visual Studio Code extension for Ethereum smart contract development with nearly 6,000 installs.

Hijacked through a GitHub pull request introducing just two lines of malicious code, ETHcode demonstrates how minimal changes can have devastating impacts.

ReversingLabs experts will unpack how automated detection flagged these suspicious changes — missed by human reviewers — and reveal lessons for defending against similar threats.

Learn how modern development workflows, reliant on community-driven extensions and auto-updating ecosystems, are becoming high-value targets—and what proactive strategies can help protect your organization.

Among other things, the webinar will explore:

How the attacker used a fake GitHub account to deliver the payload.

Why the malicious changes escaped the notice of human code reviewers.

What the obfuscated “keythereum-utils” dependency did, and how it nearly went unnoticed.

Best practices for detecting and mitigating similar threats in your CI/CD pipeline.

Who should attend:
Developers, security engineers, and project maintainers who rely on open source ecosystems. You’ll learn how minimal changes can introduce maximum risk — and which proactive strategies can keep your organization safe.

Register now. *Live attendees will receive an attendance certificate to be used towards CPE credits.

More info:

https://www.reversinglabs.com/webinar/unmasking-a-vs-code-supply-chain-attack?utm_campaign=This%20Week%20in%20ReversingLabs&utm_source=hs_email&utm_medium=email&utm_content=370596677&_hsenc=p2ANqtz-_w57kulVQY13RPpDz8-AtAD6RAlm9Xedudj-rUBQnLrjKTPJ5O85w-lxdYvQkrKoJQcm3GWebVWjmbRqm6VxBE36UWiw

Date added	July 10, 2025, 4:45 p.m.
Source	Reversing Labs
Subjects	Microsoft Visual Studio / Visual Studio Code (VSC) / VSCode / VSCode Marketplace PodCasts / Webcast / Webinar / eSummit / Virtual Event etc. Retail / Supply Chain Industry News
Venue	July 22, 2025, midnight - July 22, 2025, midnight