Malicious VS Code Extensions Found Harvesting Developer Data
Cybersecurity researchers have uncovered two malicious Microsoft Visual Studio Code (VS Code) extensions that pose as AI-powered coding assistants but secretly send developer data to servers in China.
The extensions, named ChatGPT – ä¸æ–‡ç‰ˆ and ChatGPT – ChatMoss, have a combined 1.5 million installs and can still be downloaded from the official Visual Studio Marketplace.
- ChatGPT – ä¸æ–‡ç‰ˆ (ID: whensunset.chatgpt-china) – 1,340,869 installs
- ChatGPT – ChatMoss(CodeMoss)(ID: zhukunpeng.chat-moss) – 151,751 installs
The extensions function as expected but secretly transmit all opened files and source code changes to servers in China without user consent, a campaign dubbed MaliciousCorgi by Koi Security.
Security researcher Tuval Admoni noted that both extensions contain the same spyware infrastructure under different names, operating stealthily to avoid detection.
Despite providing autocomplete suggestions and error explanations, the extensions covertly encode and send file contents to a server in China whenever a code edit is made.
In addition to data exfiltration, the extensions deploy real-time monitoring that can remotely trigger the transfer of up to 50 files from the user’s workspace. Furthermore, they employ hidden iframes to load analytics SDKs for device fingerprinting.
PackageGate Flaws Discovered in JavaScript Package Managers
Koi Security also uncovered six zero-day vulnerabilities in JavaScript package managers like npm and pnpm, collectively known as PackageGate, that could bypass security controls during package installation.
These vulnerabilities have been addressed in pnpm (v10.26.0), vlt (v1.0.0-rc.10), and Bun (v1.3.5) following responsible disclosure. However, npm has chosen not to fix the issue, emphasizing user responsibility in vetting package content.
GitHub, the parent company of npm, is actively working to mitigate the threat by scanning for malware in the registry and advocating for stronger supply chain security practices.
As organizations navigate the risks posed by PackageGate, the recommendation remains to disable scripts and commit lockfiles while making informed choices about security measures.
(This article has been updated with a response from GitHub.)
