MaliciousCorgi: The Cute-Looking AI Extensions Leaking Code from 1.5 Million Developers (www.koi.ai)

A concerning cybersecurity campaign, dubbed "MaliciousCorgi," has been identified within the Visual Studio Code (VS Code) marketplace, where two seemingly benign AI coding assistant extensions have combined for over 1.5 million installs. These extensions not only function as advertised—offering coding suggestions and error explanations—but also engage in malicious activities by capturing extensive amounts of code and user data without consent, sending this information to servers in China. This incident is significant for the AI/ML community as it highlights a critical security gap in the rapid adoption of AI coding tools. Developers are often unaware of the risks associated with third-party extensions, assuming that positive reviews and marketplace presence equate to safety. The extensions secretly monitor real-time file activities, conduct mass file harvesting remotely, and profile users through hidden tracking SDKs, which could expose sensitive information such as API keys and proprietary code. As the landscape becomes increasingly reliant on AI tools, there's an urgent need for robust verification processes to safeguard developers' environments from similar threats while maintaining productivity.