My colleagues and I at @securitylabs.datadoghq.com did a deep-dive on some recently discovered malicious VS Code extensions targeting Solidity developers.
Check it out here: securitylabs.datadoghq.com/articles/mut...
My colleague, Sebastian Obregoso, and I had the privilege of writing a guest post for OpenSSF's blog on how we detect malicious open source packages at @securitylabs.datadoghq.com using GuardDog.
Check it out here: openssf.org/blog/2025/03...
The malicious packages dataset can be found here:
github.com/DataDog/mali...
Meanwhile, GuardDog findings are more like indicators of potentially suspicious or malicious package behavior rather than a conclusive determination. Review of the findings is crucial to how we produce a high-quality dataset for SCFW to consume.
Hi, I work on both projects. SCFW consults our dataset of human-reviewed malicious packages to determine when to block. Unlike GuardDog, it doesn't do any package scanning of its own.
Interested in malicious software packages? Our open-source dataset just hit over 5,000 samples of malicious npm and PyPI packages!
github.com/DataDog/mali...