Malicious VS Code AI Extensions Threaten Developer Security

  • Jan 26

Key Findings


  • Two malicious Microsoft Visual Studio Code (VS Code) extensions, disguised as AI-powered coding assistants, have over 1.5 million combined installs and are stealing developer source code.

  • The extensions, "ChatGPT - 中文版" and "ChatGPT - ChatMoss(CodeMoss)", capture every file being opened and every source code modification, and send the data to servers located in China without user knowledge or consent.

  • The extensions also incorporate real-time monitoring and device fingerprinting capabilities using Chinese analytics SDKs.

  • The campaign, codenamed "MaliciousCorgi", highlights the security risks posed by AI coding extensions and the need for better vetting by Microsoft.


Background


  • Visual Studio Code (VS Code) is the dominant code editor, with over 73% developer adoption.

  • The rise of AI coding assistants has led to a proliferation of extensions, many of which require broad permissions to function.

  • Previous campaigns have seen malicious extensions targeting the VS Code ecosystem, with over 110 removed by Microsoft in 2025 alone.


Malicious Functionality


  • The extensions read and exfiltrate the contents of every file being opened, encoding the data in Base64 and sending it to a server in China.

  • A remote-triggered feature can cause up to 50 files in the workspace to be exfiltrated at once.

  • The extensions also include hidden zero-pixel iframes that load four commercial Chinese analytics SDKs for device fingerprinting and user profiling.


Impact and Risks


  • The stolen data includes source code, configuration files, cloud service credentials, and API keys, potentially leading to intellectual property theft and account compromise.

  • The widespread adoption of VS Code means this campaign affects a large portion of the software development industry.

  • The AI-based functionality of the extensions makes the malicious behavior harder to detect, as it appears to be part of the extensions' legitimate functionality.


Microsoft's Response


  • Microsoft stated they are investigating the report and will take appropriate action, but critics argue their vetting process for VS Code extensions remains inadequate.

  • The extensions were eventually removed, but only after security researchers discovered and reported the campaign.


Recommendations


  • Check your installed VS Code extensions for "ChatGPT - 中文版" and "ChatGPT - ChatMoss(CodeMoss)", and uninstall them immediately if found.

  • Exercise caution when installing AI-powered coding assistant extensions, and carefully review their permissions and behavior.

  • Adopt secure software supply chain practices, such as disabling script execution, committing lockfiles, and using granular access tokens with 2FA.
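The first recommendation can be scripted. The following is an added example, not code from the article or its sources: it matches the `displayName` in each installed extension's `package.json` against the two names above, resolving `%key%` placeholders through `package.nls.json`. It assumes the default desktop extensions folder `~/.vscode/extensions`; the folder names in `make_sample` are constructed.

```python
import json
from pathlib import Path

# Display names exactly as the article gives them; it lists no extension IDs.
FLAGGED_NAMES = ["ChatGPT - 中文版", "ChatGPT - ChatMoss(CodeMoss)"]

def _norm(name):
    return "".join(name.split()).casefold()  # ignore case and whitespace

def _load(path):
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):  # unreadable or malformed manifest
        return {}
    return data if isinstance(data, dict) else {}

def display_name(ext_dir):
    """Display name from package.json, resolving a %key% placeholder via package.nls.json."""
    name = _load(ext_dir / "package.json").get("displayName", "")
    if isinstance(name, str) and len(name) > 2 and name[0] == name[-1] == "%":
        value = _load(ext_dir / "package.nls.json").get(name[1:-1], "")
        name = value.get("message", "") if isinstance(value, dict) else value
    return name if isinstance(name, str) else ""

def find_flagged(extensions_root):
    """Return (folder, display name) for each installed extension with a flagged name."""
    root, flagged = Path(extensions_root), {_norm(n) for n in FLAGGED_NAMES}
    dirs = sorted(p.parent for p in root.glob("*/package.json")) if root.is_dir() else []
    return [(d.name, display_name(d)) for d in dirs if _norm(display_name(d)) in flagged]

def make_sample(root):
    """Write three constructed extension folders (names and IDs are made up) under root."""
    samples = {
        "example.sample-a-1.0.0": ({"displayName": "ChatGPT - 中文版"}, None),
        "example.sample-b-2.1.0": ({"displayName": "%ext.title%"},
                                   {"ext.title": "ChatGPT - ChatMoss(CodeMoss)"}),
        "example.sample-c-0.3.0": ({"displayName": "Constructed Linter"}, None),
    }
    for folder, (manifest, nls) in samples.items():
        d = Path(root) / folder
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
        if nls:
            (d / "package.nls.json").write_text(json.dumps(nls), encoding="utf-8")

if __name__ == "__main__":
    # Assumed default location for VS Code desktop; adjust for other builds.
    for folder, name in find_flagged(Path.home() / ".vscode" / "extensions"):
        print(f"FLAGGED: {name}  ({folder})")
```

A display-name match only tells you which folder to inspect and uninstall; an empty result does not clear extensions republished under a different name.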


Sources


  • https://thehackernews.com/2026/01/malicious-vs-code-ai-extensions-with-15.html

  • https://www.gblock.app/articles/vscode-malicious-extensions-developer-data

  • https://www.wilderssecurity.com/posts/3265009/

© 2025 by Explain IT Again. Powered and secured by Wix
