securitymalwarejavascript-debugger

VS Code JavaScript debug terminal has malware. How to remove it?


I just started experimenting with the .NET framework and I noticed that when I run:

dotnet list packagein the JavaScript Debug Terminal of VS Code I get all my packages as I should but they have strange Links attached to some of them that lead to scam sites.

ex: > Windows.EntityFrameworkCore.SQlite --> ww1 .entityframework.com which is a shitty site pretending to be .NET hiring developers. .... enter image description here

I tried running anti virus scans and cleanups. Nothing detected.

I tested on PowerShell, GitBash and Cmd terminals. Nothing, only happens in the JavaScript Debug Terminal

I tried disabling all my VS Code extensions (including the built-in ones) except the JavaScript debugger to see if its coming form another extension. Still there.

I have heard of extension vulnerabilities and VS Code Hacks but this is a built-in plugin.

Has this happened to anyone?


Solution

  • VSCode is configured to attempt to parse strings from any output that could represent a valid URL and present the option to you as a clickable link for convenience.

    Since .tools is a valid TLD, it thinks the string Microsoft.EntityFrameworkCore.Tools is referencing the URL http://microsoft.entityframeworkcore.tools/ which it seems has been parked by an unscrupulous individual or organization. You as the developer should understand that this is a namespace reference and not a URL, and thus there is no value in clicking it.

    This is not indicative of any sort of malware or any real malfeasance.