Скачать или смотреть VS CodeSupply Chain Attack: How RL Discovered a Supply Chain Compromise That Humans & AI Missed

Explore one of the most compelling recent software supply chain attacks targeting the popular VS Code platform. This webinar will dissect the compromise of ETHcode, a trusted Visual Studio Code extension for Ethereum smart contract development with nearly 6,000 installs.

Hijacked through a GitHub pull request introducing just two lines of malicious code, ETHcode demonstrates how minimal changes can have devastating impacts.

ReversingLabs experts unpack how automated detection flagged these suspicious changes — missed by human reviewers — and reveal lessons for defending against similar threats.

Learn how modern development workflows, reliant on community-driven extensions and auto-updating ecosystems, are becoming high-value targets—and what proactive strategies can help protect your organization.

Among other things, the webinar will explore:
How the attacker used a fake GitHub account to deliver the payload.
Why the malicious changes escaped the notice of human code reviewers.
What the obfuscated “keythereum-utils” dependency did, and how it nearly went unnoticed.
Best practices for detecting and mitigating similar threats in your CI/CD pipeline.

About RL
ReversingLabs is the trusted name in file and software security, to verify and deliver safe binaries. With the largest Threat Repository in the industry with over 40 billion searchable files, the Fortune 500 trusts their software supply chain security and malware analysis with ReversingLabs. Learn more: https://www.reversinglabs.com/

RL - Trust Delivered.

Be sure to subscribe to RL and follow us on social media →
  / reversinglabs  
  / reversinglabs  
  / reversinglabs  
  / reversinglabs