Malicious VSCode extensions with 1.5 million installs exfiltrate developer data

In a technical analysis, researchers at Koi Security report that two malicious extensions on the Visual Studio Code Marketplace, with a combined 1.5 million installs, exfiltrate developer files and telemetry to servers in China.

KEY FACTS

  • Incident: Two VSCode extensions contain undocumented data exfiltration functionality
  • Installations: Combined about 1.5 million installs across both extensions
  • Methods: Full file reads on open, server-controlled workspace harvesting, and embedded analytics SDKs
  • Risk: Private source code and credentials can be exposed

The two extensions are named ChatGPT – 中文版 and ChatMoss (CodeMoss) and had roughly 1.34 million and 150,000 installs respectively.

The report describes three data-collection mechanisms. First, the extensions read the full contents of any file opened in the editor, Base64-encode the contents, and forward them in real time to a hidden iframe inside the extension's webview. Changes to open files are also captured and sent.

Second, a server-controlled command can harvest up to 50 files from a workspace on demand. Third, a zero-pixel iframe in the extension webview loads commercial analytics SDKs including Zhuge.io, GrowingIO, TalkingData, and Baidu Analytics to build user and device profiles.
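The three mechanisms above leave static fingerprints in an extension's bundled JavaScript and webview HTML: a document-open hook next to Base64 encoding and webview postMessage calls, a bulk workspace.findFiles call, and a zero-size iframe or third-party analytics script. The scanner below, an added example that is not Koi Security's tooling or the extensions' code, walks an extension directory (by default ~/.vscode/extensions), greps each extension for those indicators and reports a weighted score. The indicator regexes, the weights, the threshold and the analytics hostnames (inferred from the vendor names in the report) are all my assumptions; the two sample extensions it builds in a temp directory are constructed for the demo and are not real extension code.

```python
"""Static indicator scan of installed VS Code extensions (added example).

Heuristic only: editor hooks are normal on their own, but hooks plus
Base64 plus a hidden iframe loading third-party analytics are not.
Indicator patterns, weights and hostnames are assumptions, not taken
from the report.
"""
import os
import re
import tempfile

# (name, weight, regex). Weights are a heuristic, not a measured prior.
INDICATORS = [
    ("open-document hook", 1, re.compile(r"onDid(Open|Change)TextDocument")),
    ("base64 encoding", 2, re.compile(r"toString\(\s*['\"]base64['\"]\s*\)|\bbtoa\(")),
    ("webview postMessage", 1, re.compile(r"\.postMessage\(")),
    ("hidden iframe", 3, re.compile(
        r"<iframe[^>]*(width\s*[:=]\s*['\"]?0|height\s*[:=]\s*['\"]?0|display:\s*none)", re.I)),
    ("bulk workspace findFiles", 2, re.compile(r"workspace\.findFiles\(")),
    # Assumed hostnames for the analytics vendors named in the report.
    ("third-party analytics SDK", 3, re.compile(
        r"zhuge\.io|growingio\.com|talkingdata\.com|hm\.baidu\.com", re.I)),
]
SCAN_EXTS = (".js", ".mjs", ".cjs", ".html", ".htm")

def scan_file(path):
    """Return [(indicator, weight)] for every indicator present in one file."""
    try:
        with open(path, "r", encoding="utf-8", errors="ignore") as fh:
            text = fh.read()
    except OSError:
        return []
    return [(name, weight) for name, weight, rx in INDICATORS if rx.search(text)]

def scan_extensions(root):
    """Map each extension folder under root to {"score": int, "hits": [indicator names]}."""
    results = {}
    for ext in sorted(os.listdir(root)):
        ext_dir = os.path.join(root, ext)
        if not os.path.isdir(ext_dir):
            continue
        hits = {}  # indicator -> weight, counted once per extension
        for dirpath, _dirs, files in os.walk(ext_dir):
            for fn in files:
                if fn.endswith(SCAN_EXTS):
                    for name, weight in scan_file(os.path.join(dirpath, fn)):
                        hits[name] = weight
        results[ext] = {"score": sum(hits.values()), "hits": sorted(hits)}
    return results

def flag_suspicious(results, threshold=6):
    """Extensions whose combined indicator weight reaches the (assumed) threshold."""
    return [ext for ext, r in results.items() if r["score"] >= threshold]

# Constructed samples: one ordinary extension, one mirroring the reported pattern.
BENIGN_JS = """const vscode = require('vscode');
function activate(ctx) {
  ctx.subscriptions.push(vscode.workspace.onDidOpenTextDocument(doc => {
    vscode.window.setStatusBarMessage(doc.languageId, 2000);
  }));
}
module.exports = { activate };
"""
SUSPECT_JS = """const vscode = require('vscode');
function activate(ctx) {
  const panel = vscode.window.createWebviewPanel('chat', 'Chat', 1, { enableScripts: true });
  panel.webview.html = require('fs').readFileSync(__dirname + '/webview.html', 'utf8');
  vscode.workspace.onDidOpenTextDocument(doc => {
    const body = Buffer.from(doc.getText()).toString('base64');
    panel.webview.postMessage({ type: 'file', path: doc.fileName, body });
  });
  vscode.commands.registerCommand('chat.collect', async () => {
    const uris = await vscode.workspace.findFiles('**/*', '**/node_modules/**', 50);
    panel.webview.postMessage({ type: 'files', uris: uris.map(u => u.fsPath) });
  });
}
module.exports = { activate };
"""
SUSPECT_HTML = """<html><body>
<iframe src="https://example-analytics.invalid/collector" width="0" height="0"></iframe>
<script src="https://hm.baidu.com/hm.js?placeholder"></script>
</body></html>
"""

def build_sample_tree():
    """Write the constructed samples into a temp dir shaped like ~/.vscode/extensions."""
    root = tempfile.mkdtemp(prefix="vscode-ext-scan-")
    layout = {
        "publisher.tidy-statusbar-1.0.0/out/extension.js": BENIGN_JS,
        "publisher.chat-helper-2.3.1/dist/extension.js": SUSPECT_JS,
        "publisher.chat-helper-2.3.1/dist/webview.html": SUSPECT_HTML,
    }
    for rel, content in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root

if __name__ == "__main__":
    root = os.path.expanduser("~/.vscode/extensions")
    if not os.path.isdir(root):
        root = build_sample_tree()  # fall back to the constructed samples
    results = scan_extensions(root)
    for ext in flag_suspicious(results) or ["(none flagged)"]:
        r = results.get(ext, {"score": 0, "hits": []})
        print(f"{ext}: score {r['score']}, indicators: {', '.join(r['hits']) or '-'}")
```

A hit is a reason to open the bundled extension.js and read the code around the match, not a verdict: legitimate chat or formatter extensions also hook document events and post to webviews, which is why those indicators carry low weight and only the combination with a hidden iframe or an analytics host pushes an extension over the threshold.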

The report warns this undocumented behavior can expose private source code, configuration files, cloud credentials, and .env files containing API keys.

WHY IT MATTERS

The activity can transmit sensitive code and secrets to remote servers, increasing the risk of intellectual property loss and account compromise for developers and organizations.