VSCode AI Extensions Expose Millions of Users to Data Theft
More than 1.5 million developers may have had sensitive information stolen through two malicious AI extensions on Microsoft’s VSCode Marketplace. Security experts warn that these extensions, which claimed to enhance coding with AI, secretly sent files and activity logs to servers in China. This discovery raises urgent concerns for developers relying on third-party extensions for everyday programming tasks.
Malicious Extensions Masquerading as AI Assistants
The extensions, named ChatGPT – 中文版 and ChatMoss, promised AI-powered coding assistance. Users could interact with these tools to generate code snippets, troubleshoot errors, and boost productivity. While the extensions delivered on these promises, they also harvested sensitive data without consent. Hidden commands, iframes, and SDKs were used to extract files and track user activity, a tactic known in cybersecurity circles as data exfiltration.
How the MaliciousCorgi Campaign Operates
Researchers at Koi Security have linked these extensions to the so-called MaliciousCorgi campaign. Both extensions sent collected information to a single Chinese server, allowing the attackers to accumulate significant amounts of user data. ChatGPT – 中文版 alone had 1.34 million installs, while ChatMoss had around 150,000 installs, putting a large portion of the VSCode community at risk.
The campaign’s stealthy nature meant that many developers remained unaware of the breach. By blending legitimate AI functionality with hidden data theft, these extensions evaded initial detection by both users and Microsoft’s marketplace security protocols.
Risks for Developers and Organizations
The stolen data may include code files, project documents, and potentially sensitive internal communications. For developers working in corporate environments, this could mean exposure of proprietary information, intellectual property, and credentials. Even hobbyists and open-source contributors could be affected, highlighting how vulnerable even trusted development tools can be when malicious extensions slip through.
What Developers Should Do Now
Security experts recommend that developers immediately review all installed VSCode extensions and uninstall any that are not verified or widely trusted. Users should monitor system logs and network activity for suspicious behavior and change credentials if there’s a chance they were exposed. Additionally, keeping VSCode updated ensures access to the latest security patches that may prevent similar attacks.
Microsoft has been notified of the threat, but as of now, both extensions remain available on the VSCode Marketplace. Users are urged to exercise caution and report any suspicious activity to prevent further data loss.
Lessons Learned from the Incident
This incident underscores a growing risk in the software development ecosystem: the rise of malicious AI-powered tools. While AI extensions can improve coding efficiency, they can also serve as gateways for cybercriminals to access sensitive data. Developers are advised to balance productivity with security, vetting tools thoroughly before integrating them into their workflows.
By raising awareness and adopting stricter extension review practices, the developer community can reduce the likelihood of falling victim to similar attacks. Vigilance, skepticism, and adherence to security best practices remain critical as AI becomes increasingly integrated into software development.
Array