Malicious AI Extensions with 1.5 Million VS Code Installs Steal Developer Source Code
Researchers have uncovered two malicious extensions for Microsoft Visual Studio Code that claim to provide AI coding assistance while secretly stealing developer data.
Key Points:
Two malicious VS Code extensions have 1.5 million combined installs.
The extensions capture source code and send it to servers in China without user consent.
They operate like legitimate AI tools, making them particularly dangerous.
Recent vulnerabilities in package managers could further complicate security.
Disabling lifecycle scripts remains crucial, but organizations should assess their risks.
Cybersecurity researchers have recently detected two extensions for Microsoft Visual Studio Code masquerading as AI-powered coding assistants. Collectively, these extensions have been downloaded 1.5 million times and are still listed on the official Visual Studio Marketplace. While they perform as advertised, providing useful features like autocomplete suggestions, a hidden malicious framework is at play. This spyware functionality captures and transmits every file opened and edited to servers located in China, operating without the knowledge or consent of the developers using them. The implications for data security in a world where developers often rely on such extensions can be severe, particularly when their sensitive source code may be accessed and exploited by malicious entities overseas.
The extensions were found to transmit data by encoding files in Base64 format and sending them to designated servers. They also have a real-time monitoring capability that can trigger data exfiltration for multiple files at once. The situation is exacerbated by the recent identification of vulnerabilities in popular JavaScript package managers, which pose risks for package installation processes and could allow malware to bypass security checks. Given the complex landscape of supply chain threats and the recent acknowledgment from npm about the responsibility being on users, it is imperative for developers and organizations to remain vigilant and proactive in safeguarding their code.
What measures do you think developers should take to protect their code from such threats?
Learn More: https://thehackernews.com/2026/01/malicious-vs-code-ai-extensions-with-15.html
0 Comments