Malicious VS Code Extensions Secretly Steal Developer Code in Massive Supply-Chain Risk
AI-powered Visual Studio Code extensions with 1.5 million installs were found silently exfiltrating source code and user data to external servers.

Cybersecurity researchers have uncovered two malicious extensions on Microsoft’s Visual Studio Code Marketplace that secretly exfiltrate developer data while posing as legitimate AI coding assistants. Together, the extensions were installed more than 1.5 million times, creating a serious supply-chain security risk.
The extensions provided the advertised AI functionality but failed to disclose that they were uploading sensitive data to remote servers. They also did not request user consent for any form of data exfiltration.
How the Extensions Steal Data
Researchers from Koi Security linked the activity to a campaign they named MaliciousCorgi. Both extensions share the same spyware codebase and backend infrastructure.
The malicious behavior operates through three main mechanisms:
1. Real-Time File Exfiltration
The extensions monitor files as soon as developers open them in VS Code. They immediately read the entire file, encode it in Base64, and transmit it to attacker-controlled servers. Any subsequent file changes are also captured and sent out.
2. Remote Workspace Harvesting
The extensions support a server-controlled command that can silently extract up to 50 files from a developer’s workspace in a single operation. This allows attackers to collect source code, configuration files, and sensitive project assets without user awareness.
3. Developer Profiling via Analytics SDKs
A hidden zero-pixel iframe loads multiple analytics SDKs that track user behavior inside the editor. These SDKs enable identity profiling, device fingerprinting, and activity monitoring beyond code theft.
Affected Extensions
At the time of disclosure, both extensions remained available on the VS Code Marketplace:
- ChatGPT – 中文版 (Publisher: WhenSunset) – ~1.34 million installs
- ChatMoss (CodeMoss) (Publisher: zhukunpeng) – ~150,000 installs
Why This Matters
VS Code extensions run with broad access to developer environments. This makes them highly attractive targets for attackers seeking intellectual property, credentials, API keys, .env files, and cloud secrets.
Because these extensions behaved like legitimate tools, developers had no visible indicators that their data was being siphoned off in real time.
Microsoft Response
Microsoft confirmed it is investigating the report and stated that it will take action in line with its security policies. As of publication, the extension publishers had not responded to requests for comment.
What Developers and Organizations Should Do
- Immediately review installed VS Code extensions
- Remove unverified or non-essential extensions
- Restrict extension permissions where possible
- Monitor outbound traffic from developer workstations
- Enforce extension allowlists in enterprise environments
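
As an added example (not code from the researchers or from Microsoft), the review and allowlist steps above can be scripted against the output of `code --list-extensions --show-versions`. The script flags anything from the two publishers named in this article and anything outside an approved list. The sample listing, the allowlist and the extension names after the dot are constructed placeholders, and the function names are hypothetical.

```python
"""Audit VS Code extension listings against an allowlist (added example)."""
import subprocess

# Publishers named in the article, compared case-insensitively.
FLAGGED_PUBLISHERS = {"whensunset", "zhukunpeng"}

def parse_extension_list(text):
    """Parse lines of the form publisher.name[@version] into tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or "." not in line:
            continue  # skip blanks and any header lines
        ext_id, _, version = line.partition("@")
        publisher, _, name = ext_id.partition(".")
        entries.append((publisher.lower(), name.lower(), version))
    return entries

def audit(text, allowlist):
    """Return extension ids that are flagged or missing from the allowlist."""
    allowed = {a.lower() for a in allowlist}
    report = {"flagged": [], "unapproved": []}
    for publisher, name, _version in parse_extension_list(text):
        ext_id = f"{publisher}.{name}"
        if publisher in FLAGGED_PUBLISHERS:
            report["flagged"].append(ext_id)      # remove and investigate
        elif ext_id not in allowed:
            report["unapproved"].append(ext_id)   # review before keeping
    return report

def installed_extensions():
    """Query the local VS Code CLI (requires `code` on PATH)."""
    result = subprocess.run(["code", "--list-extensions", "--show-versions"],
                            capture_output=True, text=True, check=True)
    return result.stdout

# Constructed sample listing; names after the dot and versions are placeholders.
SAMPLE = """\
ms-python.python@2024.0.0
WhenSunset.placeholder-name@1.0.0
example-publisher.example-tool@0.1.0
"""
SAMPLE_ALLOWLIST = ["ms-python.python"]  # assumed organisation allowlist

if __name__ == "__main__":
    print(audit(SAMPLE, SAMPLE_ALLOWLIST))
```

On a real workstation, pass `installed_extensions()` instead of `SAMPLE` and replace the allowlist with the organisation's approved extension IDs.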