BLOG

The OpenSourceMalware Show #12

Interview with Head of Security at Open VSX, plus new PolinRider research, and two security venders get in trouble with the community

By cb482791-4ef1-4762-96ad-b0ca4bdd538e ·

The OpenSourceMalware Show #12

The OpenSourceMalware Show is available on YouTube, LinkedIn, and as a podcast.

This week we talked about:

  • PolinRider jumps the fence — Paul's research on North Korea's automated repo-hijacking campaign spreading into the Go and PHP ecosystems without any extra effort from the threat actors

  • Cybersecurity startup publishes infostealers to npm — a vendor publishing malicious packages to manufacture threat data for its own marketing, and getting their npm account pulled for it

  • MeetingTV sues Palo Alto Networks — a lawsuit alleging Koi Security's AI-assisted analysis hallucinated a company's domain onto a C2 infrastructure list, with real business fallout

This episode also features an interview with Mikael Barbero (Head of Security, Eclipse Foundation) on OpenVSX security — We covered OpenVSX's explosive growth, its pre-publish scanning pipeline, looking for "sleeper malicious" extensions, publisher verification, and token management.

Episode Resources

Transcript

[00:00:00] Jenn Gile: Hello. It is Thursday, July 9th. Uh, I've got my afternoon coffee. I had it a little late today. I was running a little slow. How are things with you, Paul?

[00:00:14] Paul McCarty: Yeah, good, good. I'm trying to find the, um, the LinkedIn, um, event so I can re-post it saying we're, we're live now. I was about to say we're going live, but no, we're here.

[00:00:22] Paul McCarty: We're here. We're live. We're

[00:00:22] Jenn Gile: live. It's happened. We're- Don't worry about

[00:00:24] Paul McCarty: it ... we're live. Um- Oh my God, this week has been so freaking busy and it went so quick. Oh my gosh.

[00:00:29] Jenn Gile: You were up, uh, in Brisbane last night, is that right? At the- I was. Yep ... OWASP chapter meeting. What was your talk on?

[00:00:37] Paul McCarty: Yeah, it was on, like, hunting threats, adversary threats in, in GitHub.

[00:00:41] Paul McCarty: Um, and the great thing is that we actually had some people from GitHub there and Microsoft there, so, um- Love it ... I did not, I did not, um, uh, modulate my comments, based on their presence. Um, but, uh, yeah, it went really well, and it's b- it's basically a teaser. So I tried, like, the first half of the talk, Jen, was, like, just introducing people to this idea of the two software, you know, threats.

[00:01:06] Paul McCarty: Like the vulnerable, you know, threats, which OWASP is... The OWASP top 10 is there to address, and then this other risk that we're not really talking about that AppSec tools don't help you with, which is, you know, m- the intentionally malicious threat, right? Um, introducing that, and then I segued eventually into, like, finding, hunting in real time in front of people, actual DPRK threats in GitHub.

[00:01:28] Paul McCarty: And I have a lot of those, because we found, you know, 2,500 PolinRider, which we'll talk about later. But, like, oh my gosh, there's just so much material, so much canvas.

[00:01:38] Jenn Gile: Yeah. Well, a little teaser, this is the same topic we're doing a workshop on, uh, at DEF CON. So if you're gonna be at DEF CON, uh, definitely come check it out.

[00:01:47] Jenn Gile: I don't think the schedule has been released yet for the Adversary Village or the AppSec Village, but we'll be in those-

[00:01:53] Paul McCarty: Yeah. Uh, one really observation about that really quickly, somebody drove down from the Sunshine Coast all the way down to the, to Brisbane, which is, like, only, like, an hour, hour and a half or something.

[00:02:01] Paul McCarty: But they couldn't get into the building because, you know, it's, it was at the Octopus Deploy headquarters. So I really feel bad. John, I'm sorry that happened. You may, um, you know... We're, we're gonna address it for next month's-

[00:02:12] Jenn Gile: Yeah, those are always tricky when you have the host have, uh, strict security. Um-

[00:02:17] Paul McCarty: Yep

[00:02:18] Jenn Gile: I've definitely- I'm actually- ... run into that

[00:02:20] Paul McCarty: before ... I'm gonna post about it on LinkedIn just as a heads-up. Yeah. Post somebody at the front door, right?

PolinRider jumps the fence into new ecosystems

[00:02:26] Jenn Gile: All right. So, uh, I think we have a couple of quick hits, and then as we've been talking about for a couple weeks now, we're gonna have an extended interview with the head of security, uh, Mikael Barbero from Open VSX.

[00:02:40] Jenn Gile: But first, our quick hits. So Paul, we published two pieces of research this week, right? Um, the first is about the PolinRider campaign. This is a Lazarus Group North Korean, uh, campaign that you discovered earlier this year, that's kind of a, a little bit of a spin-off of Contagious interview that's more focused on taking over GitHub repositories.

[00:03:03] Jenn Gile: But what I think is super interesting about the research that you- published this week is about how it is jumping to package ecosystems without any additional effort on the part of the, um, the threat actors. So maybe just talk, like, a paragraph, right? Real quick. Okay. What is it... I know. I'm, I'm telling you to be brief.

[00:03:27] Paul McCarty: This is the difficult one. Okay. PolinRider is basically, North Korea has automated, uh, when they compromise developer victims, they basically automatically push malicious packages into all the repos that person has access to them locally. Mm-hmm. Uh, initially, that was just a GitHub thing. That's what we found earlier this year.

[00:03:45] Paul McCarty: But now, in the, um, Go and PHP ecosystems, those registries, Packagist and, um, the Go registry, they ship packages that are GitHub repos. So now, what we... The jumping the fence is these repos automatically become packages inside those ecosystem, which is crazy. You know, you don't have the same additional authentication that you do in, in NPM, and PyPi, and some of the other ecosystems.

Cybersecurity startup publishes infostealers to npm

[00:04:12] Jenn Gile: Nice. I, uh, am dropping the link to that, uh, in the chat. And then why don't you talk a little bit about the second piece of research, um, on a cybersecurity startup- Mm-hmm ... that you discovered publishing info stealers to npm. And, like, I'm just gonna editorialize for a moment. I get really irritated when vendors do, um, call it shady, call it borderline, whatever you wanna call it, um, things to manipulate- Well, it's

[00:04:46] Paul McCarty: illegal in some places, right?

[00:04:48] Jenn Gile: Sorry?

[00:04:49] Paul McCarty: It's illegal in some places, right?

[00:04:51] Jenn Gile: Or illegal things, yeah, to manipulate the market, and we don't necessarily know why this vendor chose to do this. Um, but talk a little bit about what you found.

[00:05:02] Paul McCarty: It's funny how many of these come from the same ecosystem. But anyhow, um, the, the reality is that this is a common practice we see with certain cybersecurity startups.

[00:05:12] Paul McCarty: Basically what happens is to make a name for themselves, they do a bunch of, um... You know, they publish malicious, uh, VS Code extensions or malicious npm packages, or whatever the case may be, and then they use their publishing of that data to kind of prove the point that you need the solution that they're hawking, right?

[00:05:29] Paul McCarty: Um, and, uh, what- Like, to get

[00:05:31] Jenn Gile: a little dramatic, this is like setting fires and then being like, "Oh, you need my, like, new sprinkler system."

[00:05:38] Paul McCarty: Yeah. These particular info stealers in... These particular seven info stealers are really unusual in the sense that the author went to great lengths to not actually steal.

[00:05:48] Paul McCarty: For example, it ganks everything in your .ssh, uh, uh, f- uh, .ssh folder on a Linux box or a Mac box, you know, everything in your .AWS folder, except the, the credentials file, or except the actual PEM, uh, SSH keys. So they're, they're going out of their way to not actually gank the... But then they take everything else.

[00:06:06] Paul McCarty: Now, the problem is that you can actually put credentials in config files in A- AWS directories, for example, so it's not, it's not a perfect delineation. But the fact that the author went through so much trouble to do that, but then just stole all this stuff, right? Like, there's... The, the amount of data that they, these info stealers steal is...

[00:06:24] Paul McCarty: The point of it is to get data about your- It's seven

[00:06:26] Jenn Gile: different data points. It's an absurd amount of data.

[00:06:29] Paul McCarty: And when you tie all those things together- It's, like,

[00:06:31] Jenn Gile: 11, not seven.

[00:06:32] Paul McCarty: Yeah. Yeah, it's a really strong identity graph of who that person is, what they do, what the name of their machine is, all this stuff which you can then use later on as part of your data set for whatever thing you're trying to hawk.

[00:06:43] Paul McCarty: Um, so we called it out-

[00:06:45] Jenn Gile: Yeah, I mean, very likely this, uh, like you said, violates some laws. I wouldn't be surprised if this had some kind of a GDPR impact. But, um, you reported the, um, publisher and the packages. They have all since been taken down, so the person who did this, uh, has lost their npm account, which you know what?

[00:07:06] Jenn Gile: Good. Um- Yeah ... I don't like to see this kind of behavior

[00:07:11] Paul McCarty: Yeah, and oh, I was gonna say a second ago, there was something important there that... No, um, God, I'm getting old now, Jen. Um, something there about the NPM packages. Ah, well, oh.

[00:07:22] Jenn Gile: Yeah.

[00:07:22] Paul McCarty: Maybe we'll- I'll remember later on and jump in.

MeetingTV sues Palo Alto Networks over Koi Security's IOC listing

[00:07:24] Jenn Gile: So this kind of segues into, um, one last thing before we hit on Open VSX, and that is a lawsuit that we found out about- Mm

[00:07:34] Jenn Gile: uh, recently. It was filed, I think, last week. Um, a startup called MeetingTV has, uh, taken Palo Alto Networks to court over, um, something Koi Security did. Koi is a company that Palo Alto Networks acquired earlier in the year. This is some actions that happened at Koi before the acquisition happened. But essentially, Koi published a blog about a campaign and listed this company, MeetingTV's domain, as at the very top of their C2 infrastructure, like IOCs list.

[00:08:10] Jenn Gile: And, um, as a result, uh, you know, this company said that they got blocked by a whole bunch of, you know, people who use their product. They lost revenue, you know, lots of, lots of issues with this. But the, um, important takeaways here are, first of all, uh, it was not a malicious domain. It was a safe domain. Um, so Koi Security made a mistake in publishing this domain as an IOC.

[00:08:40] Jenn Gile: And what this lawsuit is alleging, and I'm gonna be, like, very interested to see how the, um, court case goes because it's alleging basically, um, irresponsible use of AI. That, um, you know, they're alleging that Koi used AI in their analysis, and that it hallucinated the involvement of MeetingTV's, uh, domain, and that they didn't validate it.

[00:09:08] Jenn Gile: So Koi has since, uh, removed that domain from the IOC list in the blog. They updated it back in February or so. Um, but you know, reading between the lines here, probably, you know, MeetingTV initially wanted some kind of a payout for it, didn't get it, and has taken them to court

[00:09:29] Paul McCarty: Yeah, and I suspect right now if you were to search Google, sorry, not Google, GitHub for that domain, you would find it in lots and lots of people's block lists still, because this is the problem, right?

[00:09:41] Paul McCarty: Once it gets out there, people suck it in. Yeah, Coy can remove it, but then everybody else that's pulled it from Coy, they're not removing it, and that's what's actually blocking you. So this is like a, this is a supply chain in reverse. You know, when you block something, the supply chain of, of, of hosts that you're allowed to go to, that's a difficult thing to unwind, man.

[00:10:00] Paul McCarty: Y- you know, and it comes back to my metaphor. It's a lot easier to not pour, to stop somebody pouring the, the poison into the water supply than it is to try to take the poison out of the water supply.

[00:10:10] Jenn Gile: Yeah, and to your exact point, uh, in one of the articles that I read about this, they said both Verizon and Palo Alto Networks themselves are still blocking this domain, so-

[00:10:22] Paul McCarty: Yeah.

[00:10:23] Jenn Gile: There you go ... yeah, it's very hard to unwind it once it happens. That's why we, uh, really make a serious effort not to publish false positives. Okay. I...

[00:10:32] Paul McCarty: And w- w- real quick, real quick, real quick. Yeah. We wanna talk about this at a later, we wanna talk about this at a later date, but this is evidence of something we're seeing everywhere, which is that people are shipping directly out of AI into their blog posts and into their finding lists, and into all kinds of stuff, right?

[00:10:48] Paul McCarty: And the problem is that gets out there, and that gets disseminated, and then people suck that in, and then you're poisoning these things. So we as an industry- Yeah ... have to get better. Everybody thinks that they're an expert now 'cause they got Claude and they got Codex spitting this stuff out. But you- Mm-hmm

[00:11:01] Paul McCarty: have a responsibility when you generate this stuff with AI to make sure that what it's saying is legit and true. And if it's not, then you are personally- You- I, well, I'm gonna say it, you might be personally liable

[00:11:13] Jenn Gile: Yeah, and I guess the last part of the rant that I'll add to this is we talk a lot in this industry about the harm false positives cause to a security team's reputation with developers, and that is all legitimate.

[00:11:27] Jenn Gile: Yeah. That is a problem, but this is, you know, kind of the, uh, upstream impact of it, of when you publish a false positive, you can ruin someone's life. So, like, this is a responsibility we should take really seriously. Okay, end rant.

Interview: Mikael Barbero on Open VSX security

[00:11:51] Jenn Gile: We're gonna do something we have not done before, and that is, uh, we have our first guest.

[00:11:51] Jenn Gile: Um, I pre-recorded this interview because our guest is based in, uh, France and the, the way that the world is shaped doesn't make that time zone very friendly for when we record this, uh, podcast. But here's the story of how we ended up getting our first guest. Uh, we did an episode maybe a month ago or even longer where we talked about, uh, a malicious, uh, VS Code extension for the Nx console extension that was published in both VS Code and Open VSX.

[00:12:24] Jenn Gile: This is the extension that was consumed by somebody at GitHub and then enabled TeamPCP to gain access to several thousand of their repositories. Um, we actually had someone from Eclipse Foundation reach out, uh, after that episode aired and said that they would love to have their head of security come and talk with us about what they're doing at Open VSX so that the community kind of understands how that ecosystem is different and what the, the security measures are.

[00:12:54] Jenn Gile: And, uh, we jumped at this opportunity 'cause it's not often that we get, um, the registries, you know, out talking to us about their security practices. And so what I'm gonna do is I'm gonna go ahead and, uh, play the interview. Paul and I will be here hiding, uh, behind the scenes. We'll still be in the chats.

[00:13:13] Jenn Gile: And then we'll pop back in and kinda talk about, uh, the conversation afterwards. All good, Paul?

[00:13:20] Paul McCarty: Yeah, let's do this. I'm gonna go

[00:13:21] Jenn Gile: on, uh, mute. Okay. Bear with me, everyone, 'cause I have to hide us and then I have to, uh,

[00:13:26] Mikael Barbero: bring the video in and it's like five clicks

[00:13:34] Jenn Gile: For taking some time today to talk to the community about what's going on at Open VSX. But before we get into that, tell everyone who you are and what do you do?

[00:13:45] Mikael Barbero: Thank you first for having me. I'm really happy to chat with you. So, well, I am Mikael Barbero. I'm head of security at the Eclipse Foundation. I lead the team at the foundation that initially the mission was to help our projects to improve their security posture, and we moved to also help the Open VSX team to, to secure the registry.

[00:14:01] Mikael Barbero: And now we are even involved on the AI-assisted vulnerability discovery with our recent partnership or participation to the

[00:14:07] Mikael Barbero: Project Glasswing from Anthropic

[00:14:12] Jenn Gile: I saw in your LinkedIn background you've been with Eclipse for several years. Seems like you came from more of a software engineering DevOps background?

[00:14:22] Mikael Barbero: Yeah, correct. Yeah, I've been with the Eclipse Foundation for 11 years now. So quite a while, and I changed the role a couple of times. So I started as eng- software engineering as, as my background, so strong focus on supply chain security.

[00:14:33] Mikael Barbero: And when we started this team to, to actually focus on supply chain security, that, that's how I grew up and managed to get this role. So that, that's also one of the reason why I'm still at the foundation is those opportunity to grow. That's a great place to work.

[00:14:45] Jenn Gile: Yeah. That's... And I always like seeing people who used to work on the code and the pipelines now responsible for securing them, 'cause I think you have a little bit more of a internal understanding of how it works.

[00:14:56] Jenn Gile: Why don't we start with telling the audience what is the Eclipse Foundation?

[00:15:02] Mikael Barbero: Yeah. So the Eclipse Foundation is an open source software foundation. So we are a non-profit organization. We hosting open source projects. So we are headquartered in Europe, in Brussels. We used to be incorporated in the US, but five years ago we moved entirely to, uh, to Eu- Europe.

[00:15:17] Mikael Barbero: So we are the home of more than 420 projects. So many of your, your listeners probably know the, the, the well-known Eclipse J- Java ID from 25 years ago. But now it's only a minority of our project. It's 20 to 25 of our projects, and the 300 or 400 others that, that are in a widely diverse ecosystem. So we have project around software-defined vehicle.

[00:15:41] Mikael Barbero: We have IoT projects, Eclipse Mosquitto, Eclipse Paho for MQTT runtimes. We have also, of course, still Java de- developer tooling, sorry, with Eclipse J, Eclipse E, and others. We have many projects in many diverse ecosystem.

[00:15:55] Jenn Gile: Yeah. And certainly not the least of which is Open VSX. At this point, where does it fall in terms of popularity amongst the Eclipse Foundation projects?

[00:16:06] Jenn Gile: Is it on the higher end?

[00:16:08] Mikael Barbero: Yeah, definitely. So Open VSX started a bit weirdly or a bit as a niche for sure. So Open VSX started in 2019 from one of our member company to provide an extension marketplace to their cloud IDE, Eclipse Theia. Because this supports extensions with an API compatible with VS code.

[00:16:28] Mikael Barbero: And given that the, the Microsoft Visual Studio Marketplace does not allow any other IDE to consume extensions from this marketplace, they, they have to create something. So that's how Open VSX was born now seven years ago. And we started to run it as a beta in terms in 2020 or late 2020. And for sure since-

[00:16:48] Jenn Gile: Yeah.

[00:16:48] Jenn Gile: And it's changed a lot in the last one to two years

[00:16:52] Mikael Barbero: Yeah, exactly. So the rise of all those VS Code forks. So if you think about Cursor, IBM Project Bob, uh, Google Antigravity, they are all either fork of Microsoft VS Code or VS Code compatible IDEs, so they can consume extensions, the same extensions as because of Visual Studio Code.

[00:17:10] Mikael Barbero: And so they all perform Open VSX because, of course, they need a place to consume their extensions. So we switch from a niche project, a niche service for one of our own projects, to basically becoming critical infrastructure for the AI assistant development IDEs of the world.

[00:17:24] Jenn Gile: Yeah, that's a big change. I wanna definitely talk about how your team has been working on Open VSX security, but just broadly, what has it meant for Open VSX to become the extension marketplace of choice for AI developers?

[00:17:41] Mikael Barbero: So the, our first... So becoming critical infrastructure raised a lot of challenges. The first one being, of course, the, the infrastructure needs, the number of requests, the, the bandwidth requirements. So we moved from a couple of thousands of requests per second at peak time to exceeding 2,000 or 3,000 million.

[00:18:00] Mikael Barbero: Now we also have 300 millions. We- Last of April, we were at 300 millions download per month. We switched to 600 millions in May, and we're expecting to, to pass the, the billion downloads per month by the end of the year for sure. So we are really on the, the economic curve. That's a lot of

[00:18:17] Jenn Gile: infrastructure.

[00:18:18] Mikael Barbero: Exactly. So ex- similarly, the number of extensions that we received, the number of publishers that published those extensions to the registry just increased exponentially. So managing this, this exponential growth has been a challenge. We had some hiccups, as any infrastructure would expect to have when we've seen our growth.

[00:18:35] Mikael Barbero: But yeah, that, that has been one of our main focus, is stability. But of course, this growth, we noticed it, but of course threat actors also noticed it because we became a good place to be and a good place to distribute malware. So that's where we had also to up our game because initially when we had only a couple of hundreds of extensions from well-known and, um- Good acting people.

[00:18:57] Mikael Barbero: Mm-hmm. That, that was not an issue, but now malicious actor are publishing malware,

[00:19:01] Jenn Gile: yeah. Yeah. So before we get into that, I, I didn't warn you I would ask this question, but it occurred to me while you're talking, do you know off the top of your head what the average number of extensions getting published are on Open VSX now?

[00:19:15] Mikael Barbero: We have about 1,200. Yeah, 1,200 extensions. Okay. May- We, we may be at 1,500 now. I don't have the, the latest... Sorry, tw- 12,000 to 15,000. One five thousands extensions right now. That's- Yeah ... I don't have the latest number at hand, but, and we have more than 8,000 publishers as well.

[00:19:33] Jenn Gile: Yeah. So the Eclipse Foundation is similar to other foundations like OpenSSF and the Linux Foundation in that the community is driving this growth.

[00:19:44] Jenn Gile: You shared with me before that part of the reason that you were able to expand the security function is through investments from the community. Can you talk a little bit about what that, why Eclipse got money?

[00:19:56] Mikael Barbero: Yeah, sure. But before that, Debbie, I just would like to re-explain, when we talk about the Open VSX, we talk about three things, and the funding comes from the, these trinity.

[00:20:06] Mikael Barbero: So we have the open source projects, so we run the open source projects just like any other open source project like the foundation. That's where the code contribution are made and where anybody can actually take the code and run their own instance. There is Open VSX, the service that we run, and that we scale to the, the numbers that I've just listed earlier.

[00:20:24] Mikael Barbero: And then we have the working group that has been funding more recently, uh, 2023, to actually, uh, drive and steer the, the, the services. So the initial goal was to have this working group to, to fund the development and the support of the, the service. But the scale of the growth has been outstanding, our hope that really was really beyond, beyond any of our imagination initially.

[00:20:47] Mikael Barbero: So we had to find other mechanism to fund the development and the security of the project. So we still have the working group, and many of the vendors that support Open VSX are member of the working group. We also had support from Alpha Omega, the Open Project managed by Google, AWS, and Microsoft to help us improve the security posture of the code base.

[00:21:10] Mikael Barbero: And finally, we had this new initiative to create what we call Open VSX Managed Registry. So it's for all the, the Google Antigravity, AWS Kiro, Project Bob, and cursors of the world to provide them with SLA and malware detection, I mean, malware detection and value services. Just any company building a critical service would to have when they rely on critical infrastructure.

[00:21:35] Mikael Barbero: And this, tho- those combination of funding and the, the treaty of, um, what is Open VSX really help us sustain all those entities separately and with involvement from the community.

[00:21:48] Jenn Gile: That's great. Now that you have some funding and support, what's your team been working on to improve the marketplace?

[00:21:56] Mikael Barbero: Yeah. So of course, the, the first thing was to be stable.

[00:22:00] Mikael Barbero: Mm-hmm. Stay, keep, keep the light on. Initially, that, that was our main focus, and very quickly we focused on security, and the, the, our priority there was definitely to have pre-published security scanning. So that's something that has been missing from Open VSX in day one. But with the numbers of, um- Of publishers and threat actors not seeing open ESX, we had to add that.

[00:22:21] Mikael Barbero: So that has been the priority end of 2025, deployed early 2026. Initially we ran only as a monitoring mode, so we were not flagging anyf- or we were flagging it only for internal use so that we can treat the knobs until we reach the proper level of, of findings. And then finally we turn it on. So basically now for every publication there is a, before it's act- an extension is actually available for download, there is a scan being run, and if there is something suspicious, then it i- it is quarantined and then there is a human review, human in the loop there to, to review the extension.

[00:22:54] Jenn Gile: Yeah, that sounds very similar to how a lot of people implement tools within their own companies, right? Don't turn it on until you're confident it's not going to spit out a bunch of false positives and break pipelines.

[00:23:06] Mikael Barbero: Yeah, exactly. False positive is really something that scares. We don't want to re- repose publishers.

[00:23:11] Mikael Barbero: We want to still accept the, the good publishers. So to tweaking the knobs to, to reduce the false positive rate is really hard and a big focus of continuous improvement, of course.

[00:23:20] Jenn Gile: Yeah, I think- But that was- Oh, sorry. Go ahead.

[00:23:23] Mikael Barbero: That was our initial focus, but we've also did a couple of other improvement. So for instance, we had a lot of issues with tokens, so initially we don't, we didn't have any token expiration.

[00:23:33] Mikael Barbero: Again, it was really a niche project, so the security posture was aligned with the expectation from such a project. But now we, we had to up our game, so we re- overhauled the whole security posture of the tokens with our now limited lifetime expiration. We also have scanning, so many of our publishers initially were including their tokens, their publishing token in their extensions that, yeah, it happens and-

[00:23:56] Jenn Gile: Hard-coded into their, yeah.

[00:23:58] Mikael Barbero: Yeah. So it, they were shipping us the, their tokens, so of course anybody who were downloading their extension had access to their tokens. So we had to revamp all of this and do token revocation, token reauthentication at publishing time so that we protect our publishers and we protect our consumers from supply chain attack.

[00:24:14] Jenn Gile: Yeah. I wanna hear more about how the malware scanning detection works, but this kind of prompts a question. A lot of the ecosystem is dealing with what you're dealing with right now. Um, I'm sure you follow the changes that are getting implemented in places like NPM, um, you know, with, uh- Being able to mass revoke, uh, you know, other features that are, you know, to your point, maybe a little overdue.

[00:24:42] Jenn Gile: What are the things that you kind of see as like the major, uh, changes that need to be happening so that these systems are a bit more, uh, trustworthy?

[00:24:52] Mikael Barbero: So the, we don't do that alone. We rely on the community as well to help us. Again, it's an open source project, and anyone can look at the code and see what we are doing.

[00:25:01] Mikael Barbero: Of course, we, some of the malware scanning, the rules are not necessarily all of available. We don't want to give the recipe to, or any malware, any malware creator to, to find whether they will pass or fail the detection. But for the detection part, what we created is the security recognition, security researcher recognition program, so that we recognize and we, we create, we created badges to recognize security researchers who help us improve the detection and, uh, also report to us malware that they detect and we didn't detect it yet.

[00:25:32] Mikael Barbero: And so we work with them to improve our, our detection on a continuous basis. So that, that, that's something that is super helpful. And the roadmap for improving the, the detection is really tied to those contributors. And we have a page on there where we list all the contributors. I can, I guess we can add some links to this podcast for, for the contributors.

[00:25:50] Jenn Gile: Yeah, I saw that while

[00:25:50] Mikael Barbero: I was doing some research. I'll add it to the show notes.

[00:25:53] Jenn Gile: Excellent. Thank you. But we, so the, the, the plan for this is, uh, really tied to contribution from the community, but we also have other plans. So for instance, we've already started to harden the, the namespace and publisher verification.

[00:26:08] Mikael Barbero: So of course, there, there are still a lot of attacks on the typo squatting or namespace squatting. The- People who try to copycat popular extensions, not necessarily by typos, typosquatting, but still the, the reviews are very similar, use the same icon and so on. So all of those detections, they are in the pipe and we are deploying them on a regular basis.

[00:26:30] Jenn Gile: Yeah. So let's start really basic. I wanna publish an extension on Open VSX. What kind of vetting do I have to go through as a publisher so that you can make sure when I publish something,

[00:26:44] Paul McCarty: I'm

[00:26:44] Jenn Gile: maybe a more credible source? There's been complaints about other ecosystems that allow for publisher accounts to be very new, to not have a lot of identity validation.

[00:26:55] Jenn Gile: What are you looking for when you onboard new publishers?

[00:26:59] Mikael Barbero: Yeah. So the very first thing that we have to do is to sign a publisher agreement with us. So we don't necessarily verify the identity of the signature of the, the people who sign this agreement, but that's something that set the ground rules, what you can do at Open VSX, and what action can we take if you violate those rules.

[00:27:17] Mikael Barbero: So that the first thing. And it's not necessarily something that you have everywhere to have this publisher agreement up front. So we are really, really focusing on, on, on that. We think it's really important to have that first. Then you, if you publish from GitHub, for instance, you are allowed by default to publish in your, on your Git- in a namespace that match your GitHub user ID.

[00:27:33] Mikael Barbero: So that's the, the basis. Now, if you want to publish to another namespace, you have still non-automated, you have to interact with, uh, people from the team to, to demonstrate that you actually own the namespace. So if it's a domain, then you... We do a domain verification or domain ownership verification and so on.

[00:27:50] Mikael Barbero: And the some of the plan, of course, in security is to, on the security side, is to automate this whole pipeline so that we, we can provide some trustworthy signal to our consumers when they download an artifact that is badged as verified that everything is in check.

[00:28:06] Jenn Gile: Okay. So I get my Open VSX account approved.

[00:28:10] Jenn Gile: I go to upload my first extension. What's the scanning look like for that?

[00:28:16] Mikael Barbero: So it will be transparent for you because you will use either the command line tool that we provide to publish to, to the extensions or j- to the registry or the Microsoft tool. They are both compatible. And the, the, the scan happen in the background, so if everything is green, it just get available on the, the website and, and you're done.

[00:28:34] Mikael Barbero: If it is quarantined, then you have to wait for final approval, final review. So I think we, we have some SLA, SLOs on there. It's usually within the day. It can take up to two days to, to scan and verify. But that's, uh, that, that's basically how it happens.

[00:28:49] Jenn Gile: Yeah. So you're looking, it sounds like, for things like hard coded secrets that could create a security issue, but you're also looking for malware.

[00:28:59] Jenn Gile: I know you can't sha- share the malware detection rules, but in general, like, what kind of behavior are you looking for when you run that scan?

[00:29:06] Mikael Barbero: So we search for p- payload, known payloads for malware of course. We use Yara in the background for many of those scans. We also use AI assisted malware detection, of course, for some behavioral changes.

[00:29:19] Mikael Barbero: We search for secrets and credentials, so not only our own, but also others. We look for signals of impersonation, so as I mentioned, for type of rating, brand j- brandjacking. We also recently added obfuscation tricks like GlassWorm. By the way, it's, I'm, um, I'm really amazed and, by the ingenuity of the GlassWorm author.

[00:29:41] Jenn Gile: That's- I know. They're terrible, but they're so good at what they're doing.

[00:29:43] Mikael Barbero: Exactly. Exactly. You have to give them that. But tho- those obfuscation tricks, we add them on a continuous basis when we discover new techniques. That's, that, that's part of it. The, and our plan is to move toward the update path anomalies.

[00:29:57] Mikael Barbero: So we have detected some sleepers, so extensions that are published for a while and that are actually good. They're doing nothing malicious and stay there for a while, and the next update is actually the one that will kill the, that will bear the- The malicious payload, those patterns and those behaviors, that, that's the thing that we are also detecting.

[00:30:18] Mikael Barbero: So it's not only about the scan at publishing time, it's also the scan of the, the global behavior or the global life cycle of the extension. We, we've seen also, and we look at some signals like bot inflated download counts. A new extension- Mm-hmm ... that magically get a million downloads in a couple of days, that's very suspicious.

[00:30:37] Mikael Barbero: So this kind of stuff that we are adding regularly to our scans and our detection systems.

[00:30:41] Jenn Gile: Yeah. You mentioned sleeper extensions. We certainly see that in every ecosystem where a threat actor will publish something that's benign, and then they'll publish a malicious version later. And then often they'll publish another benign version after that so they can hide it.

[00:30:57] Jenn Gile: So you're looking for these sleepers in your extension marketplace. What, what kind of signals do you look for that tells you that something may become malicious but isn't malicious yet?

[00:31:11] Mikael Barbero: Hard to tell you without disclosing all the, the secret recipe, but it's a combination of the size, the, the download number.

[00:31:21] Mikael Barbero: It's very often in dark bits.

[00:31:22] Jenn Gile: Behavioral?

[00:31:23] Mikael Barbero: Yeah, behavioral. And yeah, of course the new scan. So something that has been benign initially and marked as okay, if all of a sudden the update triggers some even low signals, that, that's a sign.

[00:31:36] Jenn Gile: Okay. So I'm curious what your team has been seeing in terms of trends with what people are doing with malicious extensions.

[00:31:44] Jenn Gile: You've been scanning for a few months now, and I'm sure you have some ideas of what you see more often than not. What's it look like in that world?

[00:31:55] Mikael Barbero: Yeah. GlassWorm is really the, the flagship example. There are all more or less copycat of that nowadays. So clone and seep type of campaign. Again, we had the, the V2 detected by Socket, uh, b- back in April that it, it, it's really bad, but we are, we are getting there at detecting those and getting better at detecting of those.

[00:32:17] Mikael Barbero: But that's the, the trend. But otherwise, it's really just the usual stuff, credential leaks, so one compromised publisher, and then there's no more effect.

[00:32:26] Jenn Gile: It just spirals from there.

[00:32:28] Mikael Barbero: Exactly. So it's still, it's a common responsibility or global responsibility of all registries to help users and publisher to not disclose those, and to, or to be able to revoke the credentials as fast as possible.

[00:32:44] Mikael Barbero: So yeah, that, that's the, the two main things, that the very advanced, tricky malware like GlassWorm, and the good old fashioned leaked credentials that end up like that. Are

[00:32:53] Jenn Gile: you seeing, like between the two categories, ac- account takeovers where somebody's credentials were stolen and now malware is being published on their account, versus something that was always bad even if it was a sleeper, are you seeing one versus the other being more common?

[00:33:10] Mikael Barbero: Not necessarily. The GlassWorm kind making more headlines, so we hear more about them. The blast radius is also usually larger, because they, they go and they take it for a bit longer. But no, we don't necessarily see any, anyone taking the other.

[00:33:27] Jenn Gile: Nothing is ticking up. Something you might be familiar with is North Korea's state sponsored threat actor group has really been favoring delivering malware through the task.json file for, through VS Code extensions.

[00:33:41] Jenn Gile: Are you seeing anything similar happening in the Open VSX and ecosystem?

[00:33:46] Mikael Barbero: Yes. Yeah

[00:33:51] Jenn Gile: Yes. In VS Code, that's a feature that can be managed. What would you say is a best practice for people who are consuming these extensions? Because essentially, I'll take a step back and explain to anybody in the audience who doesn't know, task.json files get used very similarly to an NPM life cycle script, where it auto installs, and the benefit if you're a threat actor is if you download it, it'll auto-install the malware without the user having to do anything.

[00:34:22] Jenn Gile: And Mikael, what would you tell an Open VSX user that they should either be looking out for or change with their settings so that they're not susceptible to that kind of attack?

[00:34:32] Mikael Barbero: That's where actually the, to understand that basically none of the user of Open VSX know that they use Open VSX. They use Cursor, they use Antigravity.

[00:34:42] Mikael Barbero: Yeah. They use Kiro. And they don't, they install extension from each of the, those clients. So that's where the collaboration and the fact that those companies are actually contributing to Open VSX and working with us, that, that makes the big changes because they have to implement client side on the, at the download phase or when they auto update, 'cause they control the auto update.

[00:35:05] Mikael Barbero: We don't provide any client for auto update. We just deliver the, the extensions. So that's where each of those, sometimes they are just forks and clones of the VS Code code base. But for many, they, they have their own custom tweaks and we aim at providing them as much information as possible so that they can act and prevent this kind of behavior from opening in their developer tools.

[00:35:27] Jenn Gile: Yeah, so you're fighting like an extra layer of abstraction when you're trying to help people understand the risk here, because they're not consuming directly from you the way that perhaps someone might consume directly from NPM.

[00:35:41] Mikael Barbero: Yeah, exactly. So when some, let's take Kiro. If someone installed the new Java extensions in Kiro, we have no way to tell them that the last version of, the previous version of the same extensions was malicious.

[00:35:54] Jenn Gile: I was gonna ask you what keeps you up at night, but that's gonna keep me up at night, I think.

[00:35:58] Mikael Barbero: Yeah, exactly. That's the easy keeping map, but not intended. Or the update path, the auto update path that all those IDs provide. And one, one extension can turn malicious tomorrow, and all those good ones and the very famous one are at risk.

[00:36:14] Mikael Barbero: But as you can see-

[00:36:14] Jenn Gile: Yeah, so I... That definitely makes it all the more important that Open VSX is doing proactive scanning. There's a lot of debate in the community right now about the role of a registry. Should they be holding things back before allowing something to publish? And I think the community more and more believes yes, the registry has a responsibility to look for dangerous things.

[00:36:39] Jenn Gile: And in your case- Mm-hmm ... you don't have an easy way to notify people. If I am consuming an Open VSX extension through Cursor, is there something that I should be subscribing to so that I know from Open VSX if there's been some kind of- Security incident?

[00:36:57] Mikael Barbero: Oh, yes. So we're, we publish advisories and report whenever and postmortem when the, whenever there, there is an incident.

[00:37:04] Mikael Barbero: We, we also publish all the extensions that are dedicated and flagged as malicious so that those platforms can actually consume those lists to, to warn their users. We, we don't have a feed for end users or for users who don't know the, the, they use Open VSX because that would be pointless given that they don't know us usually.

[00:37:23] Mikael Barbero: But we provide as much, as many thing as possible to, to the, the needs so that they can consume this information and warn their user.

[00:37:30] Jenn Gile: I will put a plug in for open source malware. Anybody who wants a feed of the extensions that we know are malicious, you can come get our free feed. Okay, we'll start to wrap up here.

[00:37:39] Jenn Gile: You've said this a couple times already, and I think I have a good idea of your answer, but this is your opportunity to say what you want from the community, the people who listen to this podcast. Many are security practitioners, many are engineers themselves. What are you looking for, whether it's filling open roles, contributions in your security research program?

[00:37:59] Jenn Gile: Give us some homework.

[00:38:01] Mikael Barbero: Yeah, definitely. I will. And that's actually what helps me sleep well at night, is that we are not doing that alone anymore. So we were running the service while it was a niche, but still we were running it by ourselves with a very small community. But now we have member companies and the community and security researchers that have interest in Open VSX, and we have a work for each of those communities.

[00:38:23] Mikael Barbero: So i- if you are a security researcher, you can join the security research program, recognition program. So if you report malware detection or even security vulnera- vulnerabilities on the code base, then you are eligible to be part of this. We also have nice perks for the highest grade of, of those researchers.

[00:38:41] Mikael Barbero: We don't do bug bounty, just to be clear. We just offer some nice perk to, to re- recognize their work. If you are a developer, software engineer, then you can also look at the code base, contribute features, contribute new security mechanism. The code is open source and you have nothing to do, just go to the code base at GitHub and contribute there.

[00:38:59] Mikael Barbero: And if you're a company that actually build on top of Open VSX, so you have an AI assisted tool that is compatible with VS Code marketplace, and you, you most certainly consume from Open VSX, so become a member of the working group that helps steer the, the, the service. And you can also, if you want some list of an agreement for Open VSX, we can provide that with the, the managed registry, the managed Open VSX registry.

[00:39:24] Mikael Barbero: So that's how we do that, not all by ourselves, with the help of the community. So that's really the What we're building and what we're aiming for.

[00:39:32] Jenn Gile: That's great. We'll get those links out there. And I'll say, I talk to a lot of people in the community who are, like, looking to change jobs, improve their resumes, looking for things that will set them apart, and I would say making contributions to a project like this is often more meaningful to a potential employer than going out and getting another certification.

[00:39:52] Jenn Gile: So yeah, seems like a great place to get involved and build your resume and maybe feel good about what

[00:39:59] Mikael Barbero: you're doing. Yeah, exactly. Yeah. There is a seat at the table for everyone, so please get engaged.

[00:40:04] Jenn Gile: Great. Mikael, thank you so much for joining us. We'll stay in touch and anyone in the community who's interested, drop some comments and we can make connections.

[00:40:13] Jenn Gile: So thank you.

[00:40:14] Mikael Barbero: Thank you for inviting me to this great discussion. Thank you so much.

Reactions to the Open VSX interview

[00:40:22] Jenn Gile: And we're back Do I have your audio, Paul?

[00:40:27] Paul McCarty: It did not auto-unmute me,

[00:40:29] Jenn Gile: which is- It didn't auto-unmute you. I wasn't sure if it would or not. Ah, all right. It works. That was

[00:40:33] Paul McCarty: a good interview. Good job.

[00:40:35] Jenn Gile: Yeah. So, um-

[00:40:37] Paul McCarty: I'm impressed that worked.

[00:40:38] Jenn Gile: What are your, what are your thoughts on my conversation with Mikael?

[00:40:42] Paul McCarty: Oh man, a lot of thoughts.

[00:40:44] Paul McCarty: I mean, first good on them for being really proactive with security. Like I was checking out the security contributors', um, page, and I'm like, "I wanna be on this." Um, uh, I also think sometimes, you know, to one of the last things he said, like you'd be part of the working group, is like, like a security researcher can't go and join all of these security working groups.

[00:41:03] Paul McCarty: So we have to m- and their choice not to use a bug bounty program to do it in their own kind of way. I'm always, I always question that a little bit, like is this making it too hard and you gotta go too into your world? But all that being said, I'm keen, like I'm looking at it right now. I've got the source code repository open.

[00:41:20] Paul McCarty: Um, you know, I wanna be part of, um- I, I wanna understand how we, you know, as open source Mailer can help, but also, like, how I personally can help that ecosystem. 'Cause he's right, I mean, it's growing, um, tremendously. I've been watching the new packages come in and, um, I think there's a lot of places there we can help.

[00:41:40] Jenn Gile: Yeah, the numbers that he cited are pretty wild in terms of how rapidly it's growing. Uh, a couple of things that I continue think are really just interesting from that conversation is the volume of people who don't know that they're using Open VSX, uh, as they're consuming extensions from Open VSX. Right.

[00:42:04] Jenn Gile: And I think that presents a really, um, nuanced problem, right? It

[00:42:10] Paul McCarty: does. Yeah, that's a great point. Like, I thought, before I really understood the Open VSX ecosystem, I thought it was much more niche than the Microsoft VS Code, and it turns out it's kind of the opposite, that more things use Open VSX than do, um, the official Microsoft VS Code Marketplace.

[00:42:28] Paul McCarty: So that's, that's an interesting eye-opening experience for myself.

[00:42:32] Jenn Gile: Yeah, the other thing, um, and it's I guess no surprise that GlassWorm is on his mind, uh, one of the links that I shared in the comments is, um, a report that came out earlier this year about, um, a whole bunch of malicious extensions pushed, uh, through the GlassWorm campaign onto Open VSX.

[00:42:53] Jenn Gile: Um, but you know, him equally seeing that type of behavior versus typosquats, you know, it's always, um, fascinating to see what the trends are and how they're different in each ecosystem. And his, you know, efforts that they're working on to tie a publisher to some kind of, um, authority to publish in order to reduce typosquats, you know, looking for signals of impersonation, I thought those were some important actions that they're taking.

[00:43:28] Paul McCarty: Uh, yeah, I think there's two observations I wanna say directly to that. The first is that any ecosystem, any registry, you know, and I saw this at GitLab and I've seen this, you know, from the outside with GitHub and all, and npm, is that they want to... Sure they wanna do the right thing, but they also wanna increa- increase the use and, and downloads, right?

[00:43:45] Paul McCarty: So that's... And, and he said it himself in that in- in that interview. So, um, there's always gonna be this tension between, you know, lack of resistance. I remember the conversations- Mm ... you know, some of the orgs that I've been in where you have this conversation between, this tension between marketing, "Let's open up, let's open up," and then security going, "Well, if we do that, this is gonna be the problem."

[00:44:06] Paul McCarty: And, um, and those, those conversations have actual cost and sec- both in the, in the sense of the security team, but what you have to pay for to, to, to, um, you know, make that work. Uh, and then counter that with, uh, uh, this idea that, you know, GlassWorm is the only thing. When he focused on GlassWorm, I'm thinking to myself, "I think he's looking a little too small," because VSXI, uh, VSIX files are just JavaScript files, right?

[00:44:34] Paul McCarty: Like, the... You can literally take... Well, not literally, but you can take almost exactly the same payload that you use in npm, modify it ever so slightly and deploy it in their ecosystem. And 98.5% of the world's malicious packages are hosted in npm. And if npm is that similar to Open VSX, I think he's got a bigger problem than just GlassWorm.

[00:44:55] Paul McCarty: But, um, you know, happy to be a part of that solution.

[00:45:00] Jenn Gile: Yeah, for sure. Okay. This, I think, is on record as our longest episode, but it was worth the time. Anything else you wanna talk about before we wrap it up?

[00:45:09] Paul McCarty: No, I just wanna say personally, big shout-out to both Mikael and, and the Open, um, uh, sorry, the Eclipse Foundation, you know, for reaching out and interacting with.

[00:45:18] Paul McCarty: I love that. Yeah. Oh my gosh, if I wish... I, I wish I could have that with npm and GitHub, you know, getting them to interact or even look at my tickets when I'm trying to submit thousands of malicious packages is like pulling teeth. And here's an organization that reached out to us proactively. I just think that's amazing, and big shout-out to the Eclipse Foundation for doing that.

[00:45:37] Paul McCarty: Um, I really appreciate it personally.

[00:45:39] Jenn Gile: Yeah. Plus one to everything you just said. Uh, this is a community and, uh- Maintaining these kind of platforms is a really big responsibility. So, you know, it goes a long way to get to know these people and to- Yeah ... understand what they're working on. And yeah, they're not gonna get it perfect every time, but, you know, they're never gonna get it right if they're operating in a silo and not telling people what they're doing and not engaging.

[00:46:07] Jenn Gile: So huge kudos- 100% ... to the team for, for being part of this. They're definitely out there hitting the podcast circuit. Um, I saw that they were on, uh, Open Source Security, Josh's podcast recently. So yeah, I think we'll be seeing a lot more from, uh, Eclipse Foundation in the future.

[00:46:27] Paul McCarty: It's part of Mikael's, uh, KPIs for the year, right?

[00:46:29] Paul McCarty: Is like, how many podcasts he gets.

[00:46:30] Jenn Gile: How many podcasts can you do? Yeah. All right, everyone, have a good one and we will see you next week.

[00:46:37] Paul McCarty: Thanks for listening. We appreciate it, guys. Cheers, bye.