SlowMist CISO: Beware of suspicious VSCode plugin 'JuanFranBlanco.solidit-vscode'

PANews|Apr 21, 2025 11:50
23pds, Chief Information Security Officer of SlowMist Technology, reposted a post by X user @mrdotparasyte about the discovery of a suspicious VSCode plugin named JuanFranBlanco.solidit-vscode. The plugin's download count is suspected to have been inflated through improper means, and the plugin's listing information is also questionable. Moreover, the "solidit" in the plugin identifier is clearly a spelling error. The plugin has existed for two or three days, and it is currently unclear how many developers have been tricked into installing it. Supply chain attacks targeting developers are becoming increasingly rampant, and unverified VSCode plugins, npm packages and similar components have become a major vector for such attacks. We would like to remind developers to be vigilant and to carefully verify third-party plugins or packages before installing them.
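
One way to act on the misspelled-identifier signal described above, as an added example that is not from PANews or SlowMist: a Python check that flags installed extension IDs whose name closely resembles, but does not equal, a vetted ID. The allowlist (including JuanBlanco.solidity as the extension being imitated), the filler-token list, the 0.85 threshold and the sample extension list are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumption: IDs a team has vetted. JuanBlanco.solidity is taken here as the
# extension being imitated; the article does not name it.
TRUSTED = {"JuanBlanco.solidity", "ms-python.python"}

# Filler tokens that lookalike names often pad onto a real name (constructed list).
GENERIC = {"vscode", "vs", "code", "ext", "extension", "plugin", "tools"}

# Constructed sample of what `code --list-extensions` prints, one ID per line.
SAMPLE_INSTALLED = """\
ms-python.python
JuanFranBlanco.solidit-vscode
esbenp.prettier-vscode
"""

def core_name(ext_id):
    """Lower-case the name part of publisher.name and drop filler tokens."""
    _, _, name = ext_id.lower().partition(".")
    tokens = [t for t in re.split(r"[-_.]+", name) if t and t not in GENERIC]
    return "".join(tokens)

def flag_lookalikes(installed, trusted=TRUSTED, threshold=0.85):
    """Return (installed_id, trusted_id, score) for near-misses of vetted IDs."""
    vetted = {t.lower() for t in trusted}
    findings = []
    for ext in installed:
        core = core_name(ext)
        if ext.lower() in vetted or not core:
            continue  # exact (case-insensitive) match, or nothing left to compare
        for good in sorted(trusted):
            score = SequenceMatcher(None, core, core_name(good)).ratio()
            if score >= threshold:
                findings.append((ext, good, round(score, 3)))
    return findings

if __name__ == "__main__":
    ids = [line.strip() for line in SAMPLE_INSTALLED.splitlines() if line.strip()]
    for ext, good, score in flag_lookalikes(ids):
        print(f"REVIEW {ext}: resembles vetted {good} (similarity {score})")
```

A hit only marks an ID for manual review of its publisher and listing; a similar name from a different publisher can be legitimate.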