Blocking Visual Studio Code embedded reverse shell before it’s too late

Microsoft has added a tunnel feature to Visual Studio Code: with a few clicks, or the single command `code.exe tunnel`, a user exposes their machine's file system and an interactive terminal to a web browser, which is effectively a built-in reverse shell. Because code.exe is a legitimately signed Microsoft binary and the portable build runs without installation, it qualifies as a lolbin (Living Off the Land Binary). An attacker who can already execute commands on a host can therefore drop the binary, start a tunnel and obtain interactive access to sensitive data with little chance of an anti-virus alert. Microsoft's documentation suggests blocking access to the domain global.rel.tunnels.api.visualstudio.com, but that does not tear down tunnels that are already established. AppLocker can allow-list or block applications, but a publisher rule does not fit VS Code Tunnel because the binary carries no product name.
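Since the domain block only prevents new tunnels and AppLocker publisher rules do not apply, the practical fallback is to detect a tunnel at the moment it is created. The following is an added example, not code from the linked post or from Microsoft: it runs two checks over constructed Sysmon-style events (event ID 1 process creation, event ID 22 DNS query), flagging a `code.exe` launch whose first argument is the `tunnel` subcommand and any process that resolves the tunnel API domain named above. The sample events, paths and host name are made up; matching the domain by suffix (to catch regional endpoints under the same parent) is an assumption beyond what the page states.

```python
"""Detect VS Code Tunnel creation from process-creation and DNS events."""
import ntpath
import re

# Domain Microsoft's documentation recommends blocking for VS Code Tunnel.
TUNNEL_DOMAIN = "global.rel.tunnels.api.visualstudio.com"
# Assumption: regional endpoints share this parent, so match on the suffix.
TUNNEL_SUFFIX = "tunnels.api.visualstudio.com"

# Constructed sample events in a simplified Sysmon shape (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\bob\Downloads\code.exe",
     "CommandLine": r'"C:\Users\bob\Downloads\code.exe" tunnel --accept-server-license-terms --name ws01'},
    {"EventID": 1, "Image": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "CommandLine": r'"C:\Program Files\Microsoft VS Code\Code.exe" C:\proj\main.py'},
    # A renamed copy of the binary: the image name check misses it, DNS does not.
    {"EventID": 22, "Image": r"C:\Users\bob\Downloads\updater.exe",
     "QueryName": "global.rel.tunnels.api.visualstudio.com"},
    {"EventID": 22, "Image": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "QueryName": "update.code.visualstudio.com"},
]


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line into arguments, honouring double quotes."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def is_tunnel_launch(event: dict) -> bool:
    """True when code.exe is started with the `tunnel` subcommand."""
    if event.get("EventID") != 1:
        return False
    args = tokenize(event.get("CommandLine", ""))
    if len(args) < 2:
        return False
    # ntpath handles backslash paths even when this script runs on Linux.
    exe = ntpath.basename(args[0]).lower()
    return exe == "code.exe" and args[1].lower() == "tunnel"


def is_tunnel_dns(event: dict) -> bool:
    """True when a process resolves the tunnel API domain (any image name)."""
    if event.get("EventID") != 22:
        return False
    name = event.get("QueryName", "").lower()
    return name == TUNNEL_DOMAIN or name.endswith("." + TUNNEL_SUFFIX)


def triage(events: list[dict]) -> list[tuple[str, str]]:
    """Return (finding type, image path) for each event that indicates a tunnel."""
    findings = []
    for e in events:
        if is_tunnel_launch(e):
            findings.append(("tunnel_launch", e["Image"]))
        elif is_tunnel_dns(e):
            findings.append(("tunnel_dns", e["Image"]))
    return findings


if __name__ == "__main__":
    for kind, image in triage(SAMPLE_EVENTS):
        print(f"{kind}: {image}")
```

The DNS check is the one that survives a renamed binary, but it only fires when the name is resolved; a tunnel that is already up will not re-query, which is the same limitation the domain block has. Both checks are therefore creation-time controls and should page someone rather than wait for a scheduled hunt.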

https://ipfyx.fr/post/visual-studio-code-tunnel/