Material Theme, a popular choice among developers, is available in both VS Code and other editors. Recently, it was removed from the VS Code Marketplace after the Microsoft team uncovered malicious code hidden in the recent version, obfuscated to conceal its true nature.
Isidor from the VS Code team confirmed that they were alerted by external sources and upon investigation, discovered code believed to be intentionally malicious. As a result, the theme was removed from the Marketplace, and the developer’s account was banned from the system.
Mattia Astorino (@equinusocio) was the original developer of this theme, opening the source under the Apache 2.0 license. However, Astorino has long complained about the lack of support for the project. Later, he attempted to create a paid version along with fixing bugs from the original project.
Currently, there are no details on how the malicious intent of the Material Theme code was executed. On the other hand, VS Code itself is making efforts to enhance the security measures of extensions, limiting their functionality based on user permissions in a similar manner to modern browser extensions. Despite this, the progress on this feature is still ongoing.
TLDR: Material Theme removed from VS Code Marketplace due to hidden malicious code, developer banned. VS Code improving extension security measures.
Leave a Comment