All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Malicious VS Code AI Extensions with 1.5M Installs Secretly Harvest Developer Codebases

By

tatersolid

3mo ago· 5 min readenNews
Bagel score 75 of 100
75/100
Toasty
Bagelometer

Lightly toasted, lightly seasoned, mostly correct.

Score75TypenewsSentimentnegative

Summary

Two popular VS Code AI coding extensions with 1.5 million installs have been identified as malicious, secretly harvesting developers' entire codebases and profiling them while remaining active in the official marketplace. The extensions, which appear legitimate with thousands of reviews, gain access to workspaces, files, and keystrokes under the guise of providing AI coding assistance but instead exfiltrate sensitive code and developer data.

Key quotes

· 4 pulled
We install them without a second thought. They're in the official marketplace. They have thousands of reviews. They work. So we grant them access to our workspaces, our files, our keystrokes - and assume they're only using that access to help us code.
Not all of them are.
Our risk engine has identified two VS Code extensions, a campaign we'r
Two popular AI coding extensions with 1.5M installs secretly harvest your entire codebase and profile you. Both are still live in the marketplace.
Snippet from the RSS feed
Two popular AI coding extensions with 1.5M installs secretly harvest your entire codebase and profile you. Both are still live in the marketplace.

You might also wanna read

VS Code Remote-SSH Vulnerability Enables Lateral Movement from Developer Machines to Cloud Servers

A critical vulnerability in Visual Studio Code's Remote-SSH extension creates a post-compromise attack path enabling threat actors to pivot

cybersecuritynews.com·2d ago

Glassworm Malware Campaign Targets Developers via npm, PyPI, OpenVSX, and GitHub

Glassworm is a dangerous malware campaign targeting software developers by abusing trusted platforms including npm, PyPI, OpenVSX, and GitHu

cybersecuritynews.com·4d ago

LineageLens: A VS Code Extension That Tracks AI-Generated Code Provenance

LineageLens is a VS Code extension that acts as a local proxy between AI coding tools (Cursor, Claude Code, Copilot, Aide) and their provide

Product Hunt·19d ago

AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator

A malicious npm package named mouse5212-super-formatter, identified by OX Security, was caught leaking its own hardcoded GitHub token. This

infosecurity-magazine.com·1d ago

Security Researchers Find Malware in Hundreds of OpenClaw AI Agent Skill Extensions

Security researchers have discovered hundreds of malicious add-ons in OpenClaw's marketplace, with the most-downloaded skill serving as a ma

The Verge·3mo ago

Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries

A threat actor using the alias vpmdhaj published 14 malicious npm packages within four hours, impersonating legitimate OpenSearch, Elasticse

theregister.com·1d ago