Malicious Microsoft VSCode AI extensions might have hit over 1.5 million users (www.techradar.com)

🤖 AI Summary
Security researchers at Koi Security have discovered that two malicious extensions in the Microsoft Visual Studio Code (VSCode) Marketplace, labeled ChatGPT – 中文版 and ChatMoss, potentially exfiltrated sensitive data from over 1.5 million users to servers in China. Advertised as AI-based coding assistants, these extensions covertly transmitted user files by employing discreet mechanisms such as real-time file monitoring, server-controlled commands, and hidden tracking iframes to record user activities. The implications of this breach are significant, as it not only raises concerns about data privacy and security but also exposes the vulnerability of widely used development tools. The malicious behavior of these extensions, both of which are still available for download, underscores the urgent need for enhanced security measures and scrutiny within coding environments. Users were unaware that simply opening files would lead to their contents being sent to external servers, with the entire file being encoded and relayed with minimal user interaction. Microsoft has acknowledged the situation and is investigating, but the incident serves as a stark reminder of the risks associated with third-party software and the necessity for developers and organizations to closely vet their tools for security vulnerabilities.