Malicious AI Extensions on VSCode Marketplace Expose Developer Data to China

Two AI-powered extensions on Microsoft's Visual Studio Code Marketplace have been found exfiltrating developer data to China-based servers, affecting approximately 1.5 million installations.

Andrew Wallace

Professional Tech Editor

Focuses on professional-grade hardware, software, and enterprise solutions.

Security researchers at Koi Security have uncovered a significant data exfiltration campaign involving two malicious extensions on Microsoft's Visual Studio Code (VSCode) Marketplace. These extensions, masquerading as AI-based coding assistants, have collectively been installed over 1.5 million times and are transmitting sensitive developer data to servers located in China.

Identified Malicious Extensions:

  • ChatGPT – 中文版: Developed by WhenSunset, this extension boasts approximately 1.34 million installs.
  • ChatMoss (CodeMoss): Created by zhukunpeng, it has around 150,000 installs.

Both extensions are part of a campaign dubbed 'MaliciousCorgi' and share identical malicious code and backend servers. Although they function as coding assistants, they neither disclose their data-collection activities nor obtain user consent. (bleepingcomputer.com)

Data Exfiltration Mechanisms:

  1. Real-Time File Monitoring: Upon opening any file, the extension reads its entire contents, encodes it in Base64, and sends it to a webview containing a hidden tracking iframe. (bleepingcomputer.com)
  2. Server-Controlled File Harvesting: The extension can stealthily exfiltrate up to 50 files from the victim’s workspace per request. (bleepingcomputer.com)
  3. User Profiling: A zero-pixel iframe loads four commercial analytics SDKs—Zhuge.io, GrowingIO, TalkingData, and Baidu Analytics—to track user behavior, build identity profiles, and monitor other activities. (bleepingcomputer.com)

Implications and Recommendations:

The exfiltrated data includes source code, configuration files, cloud credentials, and sensitive `.env` files containing API keys. Developers are advised to uninstall these extensions immediately and review their systems for signs of data exfiltration. (bleepingcomputer.com)
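One way to check a workstation for the two extensions named above is to read the `package.json` manifest of every installed extension. This is an added example, not code from the article or from Koi Security; it assumes the developer names given above appear as the manifest's `publisher` field and that extensions live in the default per-user directories.

```python
import json
import sys
from pathlib import Path

# Names taken from the article. Treating the developer names as the
# "publisher" field of package.json is an assumption of this example.
FLAGGED_PUBLISHERS = {"whensunset", "zhukunpeng"}
FLAGGED_DISPLAY_NAMES = ("chatgpt – 中文版", "chatmoss", "codemoss")

# Default per-user extension directories (VS Code and VS Code Insiders).
DEFAULT_ROOTS = [Path.home() / ".vscode" / "extensions",
                 Path.home() / ".vscode-insiders" / "extensions"]


def find_flagged(root):
    """Return one dict per installed extension whose manifest matches."""
    hits = []
    for manifest in sorted(Path(root).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not abort
        if not isinstance(meta, dict):
            continue
        publisher = str(meta.get("publisher", "")).lower()
        display = str(meta.get("displayName", "")).lower()
        reasons = []
        if publisher in FLAGGED_PUBLISHERS:
            reasons.append("publisher")
        if any(name in display for name in FLAGGED_DISPLAY_NAMES):
            reasons.append("displayName")
        if reasons:
            hits.append({"id": f"{meta.get('publisher')}.{meta.get('name')}",
                         "version": meta.get("version"),
                         "path": str(manifest.parent),
                         "matched": reasons})
    return hits


if __name__ == "__main__":
    roots = [Path(p) for p in sys.argv[1:]] or DEFAULT_ROOTS
    found = [hit for root in roots if root.is_dir() for hit in find_flagged(root)]
    for hit in found:
        print(f"FLAGGED {hit['id']} {hit['version']} ({', '.join(hit['matched'])}) {hit['path']}")
    sys.exit(1 if found else 0)
```

The script exits non-zero when a match is found, so it can run from a fleet-management or login script. A hit means the extension should be removed and any credentials in workspaces opened on that machine treated as exposed.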

Sources:

  • Malicious AI extensions on VSCode Marketplace steal developer data
  • Fake ChatGPTs harvest data from 1.5M developers
  • Malicious AI extensions steal data from hordes of VS Code developers
