Can developers trust extensions downloaded for Microsoft’s popular Visual Studio Code editor? Researchers at Aqua Nautilus say they have found that attackers could easily impersonate popular extensions and trick unknowing developers into downloading them.