Microsoft Apologizes for Removing Popular VSCode Extensions


Microsoft has officially reinstated the ‘Material Theme – Free’ and ‘Material Theme Icons – Free’ extensions on the Visual Studio Marketplace after determining that the obfuscated code they contained was not malicious. The extensions, developed by Mattia Astorino (aka ‘equinusocio’), boast over 9 million downloads and were suddenly removed in late February due to security concerns.

The incident led to Astorino’s account being banned, a decision Microsoft now admits was made hastily. The company has since issued an apology and restored both extensions, acknowledging errors in its initial assessment.


Why Microsoft Removed the Extensions

Microsoft’s initial decision to remove the extensions stemmed from concerns over obfuscated code. Researchers Amit Assaraf and Itay Kruk, who use AI-powered security scanners to detect threats in VSCode extensions, flagged the ‘Material Theme’ extension for potential risks. Their analysis focused on the ‘release-notes.js’ file, which was heavily obfuscated and contained code execution capabilities.

A Microsoft representative confirmed the security team’s concerns at the time, stating:

However, Astorino disputed these claims, arguing that the flagged dependency came from an outdated sanity.io SDK used since 2016 for displaying release notes. He claimed the issue could have been resolved quickly if Microsoft had contacted him instead of outright banning the extensions.

Developer’s Response to the Allegations

Astorino maintained that there was never any malicious intent behind his extensions. He clarified that:

  • The obfuscated code resulted from an outdated sanity.io dependency.
  • The build script in ‘Material Theme Icons’ was used for generating JSON files from SVG icons.
  • References to passwords or usernames in the flagged code were harmless strings from an old build process.
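The dispute above turns on how automated extension scanners read obfuscated code (the researchers' analysis of the ‘release-notes.js’ file) and why a stale, minified SDK can look the same to them as a packer's output (Astorino's explanation). The script below is an added example, not the researchers' scanner, Microsoft's tooling, or the Material Theme project's code: it triages JavaScript files from an unpacked extension with a handful of indicator rules and ranks them for human review. The rules, weights, sample files and the `load_extension_dir` helper are all constructed for illustration.

```python
"""Heuristic obfuscation triage for JavaScript files in an unpacked extension.

Added example, not Microsoft's scanner, the researchers' tooling, or the
Material Theme project's code. Weights, patterns and sample files are
constructed for illustration.
"""
import re

# Constructed indicator rules: (regex, weight per hit, capped at HIT_CAP hits).
# They are the kind of signal an automated extension scanner reacts to.
PATTERNS = {
    # dynamic evaluation: eval(...) and Function(...) / new Function(...)
    "dynamic_eval": (re.compile(r"\beval\s*\(|\bFunction\s*\("), 3),
    # process spawning from an editor extension
    "process_spawn": (re.compile(r"child_process|\b(?:exec|execSync|spawn)\s*\("), 3),
    # packer-style renamed identifiers such as _0x1a2b
    "hex_identifiers": (re.compile(r"\b_0x[0-9a-fA-F]{2,}\b"), 2),
    # string-array indirection: _0x1a2b[3]
    "string_array_lookup": (re.compile(r"\b_0x[0-9a-fA-F]+\[\d+\]"), 2),
    # hex-escaped string literals hiding plain words
    "hex_escapes": (re.compile(r"\\x[0-9a-fA-F]{2}"), 1),
}
LONG_LINE = 500  # chars; minified bundles routinely exceed this, so the weight is low
HIT_CAP = 5


def score_source(js: str) -> dict:
    """Score one JavaScript source; returns {"score": int, "hits": {...}}."""
    hits = {name: len(pat.findall(js)) for name, (pat, _w) in PATTERNS.items()}
    score = sum(min(hits[name], HIT_CAP) * w for name, (_p, w) in PATTERNS.items())
    longest = max((len(line) for line in js.splitlines()), default=0)
    hits["long_line"] = longest if longest > LONG_LINE else 0
    if hits["long_line"]:
        score += 1
    return {"score": score, "hits": hits}


def triage(files: dict) -> list:
    """Rank files highest score first as (path, score, [indicator names])."""
    ranked = []
    for path, src in files.items():
        result = score_source(src)
        reasons = [name for name, count in result["hits"].items() if count]
        ranked.append((path, result["score"], reasons))
    ranked.sort(key=lambda row: row[1], reverse=True)
    return ranked


# Constructed sample files standing in for an unpacked extension tree.
SAMPLE_FILES = {
    # packer output shape: hex names, string-array lookups, eval
    "obfuscated-sample.js": (
        "var _0x1a2b=['\\x6c\\x6f\\x67','\\x68\\x69'];"
        "(function(_0x3c4d){eval(_0x1a2b[0]+_0x3c4d);})(_0x1a2b[1]);"
    ),
    # ordinary minified SDK bundle: one long line plus the common
    # Function('return this')() global lookup that generic rules also flag
    "bundled-sdk.min.js": (
        "!function(e){" + "e.n=function(t){return t};" * 40
        + "var g=Function('return this')();}(this);"
    ),
    # hand-written extension entry point
    "extension.js": (
        "const vscode = require('vscode');\n"
        "function activate(context) {\n"
        "  console.log('theme activated');\n"
        "}\n"
        "module.exports = { activate };\n"
    ),
}


def load_extension_dir(root) -> dict:
    """Hypothetical helper: read every .js file under an unpacked extension directory."""
    import pathlib
    return {str(p.relative_to(root)): p.read_text(encoding="utf-8", errors="replace")
            for p in pathlib.Path(root).rglob("*.js")}


if __name__ == "__main__":
    for path, score, reasons in triage(SAMPLE_FILES):
        print(f"{score:3d}  {path:24s}  {', '.join(reasons) or '-'}")
```

On the constructed samples the packer-shaped file ranks first, the minified SDK bundle second, and the hand-written entry point last. The bundle still scores on two indicators (a very long line and a `Function('return this')()` global lookup that many real bundlers emit), which is the false-positive shape the article describes: the score is a prompt to open the file and check provenance, such as which dependency produced it, not a verdict on its own. For a real package, unzip the .vsix and pass the extracted directory to `load_extension_dir`.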

Microsoft Issues an Apology and Policy Updates

After a public outcry and Astorino’s formal request for reinstatement, Scott Hanselman, a key Microsoft representative, issued an apology on GitHub, stating:

“The publisher account for Material Theme and Material Theme Icons (Equinusocio) was mistakenly flagged and has now been restored. In the interest of safety, we moved fast and we messed up. Our investigation came to the wrong conclusion.”

Hanselman further confirmed that Microsoft will revise its policies on obfuscated code and improve its security scanning procedures to avoid similar situations in the future.

Cybersecurity researcher Amit Assaraf, who originally flagged the extension, maintained that the code did pose security risks, but he agreed that Microsoft acted too quickly, failing to account for the developer’s intentions.


Material Theme Extensions Are Safe to Use

Astorino has since rewritten the Material Theme extensions, ensuring they comply with Microsoft’s security policies. Both extensions are now available for download on the Visual Studio Marketplace, and Microsoft has expressed its support for Astorino’s future projects.

This incident highlights the importance of a balanced security approach, where developer communication is prioritized alongside automated security measures to prevent unjustified removals.
