Nx Console Hack Targets VS Code Devs

Robert Moore · 2026-05-19

A recent cybersecurity alert has sent ripples through the developer community. Researchers discovered a compromised version of the Nx Console extension on the Microsoft Visual Studio Code (VS Code) Marketplace. The malicious version, identified as rwl.angular-console version 18.95.0, is a popular UI plugin used in code editors like VS Code, Cursor, and JetBrains. With over 2.2 million installations, the potential impact is massive. ### What Actually Happened? Here's the deal: someone managed to sneak a credential-stealing payload into an update of Nx Console. This isn't your average bug—it's a targeted attack designed to swipe sensitive data from developers' machines. The extension, which normally helps developers manage Angular projects, was weaponized. It's a stark reminder that even trusted tools can become threats. ### Who's at Risk? If you've installed version 18.95.0 of rwl.angular-console, you're in the danger zone. The extension works across multiple editors, so the attack surface is wide. - **VS Code users**: Most affected due to high adoption. - **Cursor and JetBrains users**: Also vulnerable if they use the same extension. - **Anyone with auto-updates enabled**: Could have downloaded the bad version without knowing. ### How to Protect Yourself First, don't panic. But do act. Here's what you need to do right now: 1. **Check your version**: Open your extensions manager and verify the version number. 2. **Disable auto-updates**: This prevents future malicious updates from slipping through. 3. **Run a security scan**: Use reputable antivirus software to check for any traces of the malware. 4. **Change passwords**: Especially for development accounts and repositories. 5. **Enable two-factor authentication**: Add an extra layer of security everywhere possible. ### The Bigger Picture This attack highlights a growing trend: cybercriminals targeting developer tools. Why? Because developers have access to sensitive code, credentials, and infrastructure. "Think of it like a burglar casing a locksmith's shop," says one security expert. "If you can compromise the tools, you can compromise everything built with them." ### What the Experts Say Cybersecurity researchers are urging caution. They recommend only downloading extensions from verified publishers and checking reviews carefully. - **Verify publisher names**: Scammers often use similar names to trick users. - **Check download counts**: Extremely new extensions with high downloads are suspicious. - **Read recent reviews**: Look for flags about malicious behavior. ### Moving Forward Microsoft has likely removed the compromised version by now, but the damage might already be done. If you suspect you've been affected, don't delay. Consider this a wake-up call. The tools you trust can turn against you. Stay vigilant, keep your software updated from official sources, and always question unexpected behavior. ### Final Thoughts This isn't about fear—it's about awareness. The developer community is strong because we share knowledge. Spread the word, help your colleagues check their setups, and let's make our digital spaces safer together. Remember: security is a habit, not a one-time fix. Keep these practices in mind every time you install or update an extension.