• @Kuinox@lemmy.world
    link
    fedilink
    -47 months ago

    I hopped people here would notice that their “malicious code” detection is totally bogus when the malicious code highlighted hit a local IP address.

    • @Skydancer@pawb.social
      link
      fedilink
      27 months ago

      Good point. That was in the “static IP” category and not counted in the 200+ million install “malicious code” category, though. It could be a warning sign of false positives, but the example was such a small snippet it could also be opening after a VPN is established. That example was supposedly part of code that opens a connection for shell access from the other end, but without more details it’s not really possible to say.

      • @Kuinox@lemmy.world
        link
        fedilink
        -17 months ago

        Tons of devtools summons cmd.exe and do networks. Their claim is that more than 10% of the vscode marketplate is malicious package (i just divided the number of extensions they says is malicious, by the number of extensions)