Visual Studio Code AI Extensions Caught Spying on Developers

VS Code AI extensions were found secretly collecting developers' full source code and sensitive credentials without consent.

Security researchers have uncovered a serious privacy threat involving popular artificial intelligence coding assistants on Microsoft’s Visual Studio Code Marketplace.

Two extensions, “ChatGPT – 中文版” and “ChatMoss (CodeMoss)”, were found secretly collecting developers’ data and sending it to remote servers in China. Together, the tools have nearly 1.5 million installs, raising concerns about the scale of exposure.

The findings were published this week by cybersecurity firm Koi Security, which described the activity as a coordinated spyware operation hidden inside working AI tools.

Why the Extensions Were Hard to Detect

According to the researchers, the extensions function exactly as advertised. They provide real AI-powered coding assistance, which helped them avoid suspicion.

Koi Security said both tools contained identical malicious code, despite being published under different names. The campaign has been labelled “MaliciousCorgi.”

How the Data Was Collected

The investigation revealed three separate data-harvesting methods operating silently in the background.

First, the extensions monitored developers in real time. The moment any file was opened, the entire file content, not just selected lines, was copied, encoded, and transmitted through a hidden tracking frame.

Second, the spyware allowed a remote server to pull up to 50 files at once from a developer’s workspace, without any user action.

Third, the tools loaded invisible tracking frames that connected to multiple analytics platforms, including Baidu Analytics, enabling user profiling and device fingerprinting inside the code editor.

What Was Exposed

Koi Security warned that the campaign put highly sensitive data at risk.

This includes private source code, configuration files, cloud credentials, internal URLs, and .env files containing API keys and passwords. Researchers said attackers could access these files remotely whenever they chose.

Extensions Still Available?

As of the time of reporting, both extensions were still listed on the VS Code Marketplace.

Technology news outlets BleepingComputer and Cybernews reported that Microsoft had been contacted, but no official response had been issued.
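
For developers who want to check a workstation, the sketch below audits a VS Code extensions folder for the two display names reported above. It is an added example, not code from Koi Security or from the article. It matches on display name only, because the article gives no publisher or extension IDs, and the sample folder names are constructed placeholders.

```python
import json, re, tempfile, unicodedata
from pathlib import Path

# Display names exactly as reported in the article (no extension IDs are given there).
FLAGGED_NAMES = ["ChatGPT – 中文版", "ChatMoss (CodeMoss)"]

def normalize(name):
    """Fold case and drop spaces, dashes and brackets so listing variants still match."""
    name = unicodedata.normalize("NFKC", name).casefold()
    return re.sub(r"[\s\-\u2010-\u2015()]+", "", name)

def display_name(ext_dir):
    """Display name from package.json, resolving a %key% placeholder via package.nls.json."""
    name = json.loads((ext_dir / "package.json").read_text(encoding="utf-8")).get("displayName", "")
    key, nls = re.fullmatch(r"%(.+)%", name), ext_dir / "package.nls.json"
    if key and nls.is_file():
        value = json.loads(nls.read_text(encoding="utf-8")).get(key.group(1), name)
        name = value if isinstance(value, str) else value.get("message", name)
    return name

def audit(extensions_root):
    """Return (folder, display name) for installed extensions matching FLAGGED_NAMES."""
    wanted = {normalize(n) for n in FLAGGED_NAMES}
    hits = []
    for ext_dir in sorted(Path(extensions_root).iterdir()):
        try:
            name = display_name(ext_dir)
        except (OSError, ValueError, TypeError, AttributeError):
            continue  # stray file, missing or malformed manifest
        if normalize(name) in wanted:
            hits.append((ext_dir.name, name))
    return hits

def build_sample(root):
    """Constructed sample tree; folder names are placeholders, not real extension IDs."""
    samples = [("pub.ext-a-1.0.0", "ChatGPT - 中文版", None),
               ("pub.ext-b-2.0.0", "%displayName%", {"displayName": {"message": "ChatMoss(CodeMoss)"}}),
               ("pub.ext-c-3.0.0", "Some Linter", None)]
    (Path(root) / "extensions.json").write_text("[]")  # stray file, must be skipped
    for folder, shown, nls in samples:
        ext = Path(root) / folder
        ext.mkdir()
        (ext / "package.json").write_text(json.dumps({"displayName": shown}), encoding="utf-8")
        if nls:
            (ext / "package.nls.json").write_text(json.dumps(nls), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

On a real machine, pass the editor's extensions folder (by default `~/.vscode/extensions`) to `audit`. A name match is a heuristic that warrants manual review, not proof either way.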

A Growing Threat to Developers

The discovery highlights a wider problem facing developers who rely on third-party tools.

Security firm ReversingLabs reported that malicious VS Code extensions rose sharply from 27 in 2024 to 105 within the first ten months of 2025.

Experts say the incident shows how easily trusted development environments can be abused when security checks fail.
