Наталя Хандусенко
Hot News
23 January 2026, 13:24
Spyware disguised as ChatGPT collected data from 1.5 million VS Code developers
A massive file harvesting campaign targeting VS Code developers is underway. Over 1.5 million users have downloaded fake extensions that act as AI coding assistants but are crammed with spyware.
KOI Security researchers warn that searching for the "ChatGPT" extension on the VS Code Marketplace too often leads to spyware infections, Cybernews writes.
More than 1.5 million developers have already installed two extensions that mimic AI assistants and actually deliver on their promises. However, they take more than any user might expect.
“These extensions actually work. That’s what makes them dangerous,” KOI Security said in a report on the developer data leak. “Both extensions are positioned as AI assistants for writing code. Both are functional. And both contain identical malicious code — the same spyware infrastructure operating under different publisher names.”
One extension, called “ChatGPT — 中文版,” has 1.35 million installations. Another AI tool, “ChatGPT — ChatMoss,” has attracted 150,000 users.
Source: Cybernews
At the time of writing, both extensions not only remained available in the VS Code marketplace, but also appeared among the first search results for “ChatGPT.” In addition, there are many other questionable fakes, “wrappers,” and alternatives.
Researchers say it's normal for some AI extensions to read parts of developers' code. For example, GitHub Copilot reads about 20 lines of context around the cursor to provide autocomplete suggestions.
But the fake “ChatGPT” secretly transmits the entire contents of each file when it is opened. To remain undetected, the extension encodes the data in Base64 format and sends it to a webview containing a hidden tracking iframe.
The extensions can also collect files at any time without any user interaction: a remote server can trigger a bulk collection of up to 50 files at a time, and the user will not notice anything.
"When the server sends the command {"type": "getFilesList"}, the extension initiates a full data collection of the entire workspace," the researchers found.
In addition, there is another profiling channel for collecting user data. Completely invisible iframes load four separate analytics platforms — Zhuge.io, GrowingIO, TalkingData, and Baidu Analytics. They are designed to track user behavior, create identity profiles, take device “fingerprints,” and monitor every interaction.
“Why collect all this metadata along with your source code? One likely reason: to target your victims,” the report says. “Analytics tell them whose files to steal and when you’re most active. They first build a digital portrait of you, and then they steal your information.”
Researchers warn that your configuration files containing passwords, API keys, and other sensitive data could have been stolen. If you have been using these extensions, the privacy of your work environment is already at risk.
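For anyone triaging installed extensions, the three behaviours described above (file contents Base64-encoded and pushed to a webview on open, a handler for the server's "getFilesList" command, and hidden iframes loading analytics platforms) can be searched for in an extension's unpacked source. The sketch below is an added example, not code from KOI Security or from the extensions themselves; the regular expressions, the finding names and the sample snippets are assumptions constructed for illustration.

```javascript
// Heuristic patterns: assumptions derived from the behaviours the article
// reports, not signatures extracted from the real extensions.
const INDICATORS = {
  openHook: /onDidOpenTextDocument/,
  base64: /\.toString\(\s*['"]base64['"]\s*\)|\bbtoa\s*\(/,
  webviewPost: /\.postMessage\s*\(/,
  filesCommand: /['"]getFilesList['"]/,
  hiddenIframe: /<iframe[^>]*(display\s*:\s*none|visibility\s*:\s*hidden)/i,
  analytics: /zhuge\.io|growingio|talkingdata|baidu/i,
};

// files: [{ path, text }] for one unpacked extension.
// Returns combined findings plus "path:line" evidence per indicator.
function auditFiles(files) {
  const evidence = {};
  for (const { path, text } of files) {
    text.split('\n').forEach((line, i) => {
      for (const [name, re] of Object.entries(INDICATORS)) {
        if (re.test(line)) (evidence[name] = evidence[name] || []).push(`${path}:${i + 1}`);
      }
    });
  }
  const has = (...names) => names.every((n) => evidence[n]);
  const findings = [];
  // File contents encoded and pushed to a webview whenever a document opens.
  if (has('openHook', 'base64', 'webviewPost')) findings.push('file-on-open-exfil');
  // Handler for the server-sent bulk collection command.
  if (has('filesCommand')) findings.push('remote-workspace-harvest');
  // Invisible iframe that loads one of the named analytics platforms.
  if (has('hiddenIframe', 'analytics')) findings.push('hidden-analytics-iframe');
  return { findings, evidence };
}

// Constructed samples, not code from the real extensions.
const SUSPICIOUS = [
  "vscode.workspace.onDidOpenTextDocument(doc => {",
  "  panel.webview.postMessage({ data: Buffer.from(doc.getText()).toString('base64') });",
  "});",
  "panel.webview.onDidReceiveMessage(m => { if (m.type === 'getFilesList') harvest(); });",
  "const html = '<iframe src=\"https://analytics.example/growingio.js\" style=\"display:none\"></iframe>';",
].join('\n');
const BENIGN = "vscode.workspace.onDidOpenTextDocument(doc => { statusBar.text = doc.languageId; });";

console.log(auditFiles([{ path: 'extension.js', text: SUSPICIOUS }]));
console.log(auditFiles([{ path: 'benign.js', text: BENIGN }]).findings);
```

Findings are triage leads rather than verdicts, since legitimate extensions can match individual patterns; the matching is line-based, so an iframe tag split across lines would be missed.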