(www.bleepingcomputer.com)

19 points speckx | 2 comments | 11 Dec 25 20:59 UTC | HN request time: 0.389s | source

1. trinsic2 ◴[12 Dec 25 01:05 UTC] No.46239670[source]▶

I thought image files don't act as executables?

replies(1): >>46240328 #

2. butvacuum ◴[12 Dec 25 02:49 UTC] No.46240328[source]▶

A "corrupted" PNG brings less suspicion, and triggers less heuristics than a long chunk of Base64.

And that's assuming they didn't encode it into a valid PNG.

Malicious VSCode Marketplace extensions hid trojan in fake PNG file