Malicious VS Code extensions exfiltrate developer files and profiling data
Malware Activity
Summary
MaliciousCorgi is tied to two VS Code AI coding extensions, ChatGPT - 中文版 and ChatMoss (CodeMoss), that were found on the Visual Studio Marketplace and have 1.5 million installs combined. The extensions still functioned as advertised, but they also siphoned developer data by reading opened files and source edits and sending the contents to China-based servers such as aihao123[.]cn without user consent. The operation could also be remotely triggered to exfiltrate up to 50 files from a workspace and to load analytics SDKs that fingerprint devices and build profiles.
Related Happenings
GlassWorm v2 cloned VS Code extension loaders
Malware Activity
First: 27.04.2026 14:23
Last: 27.04.2026 14:23
Sources 1
About this happening:
The **GlassWorm v2** malware activity now uses **cloned VS Code extensions** on **Open VSX** to deliver payloads that steal credentials, deploy a **RAT**, and spread across multip...
GlassWorm Zig dropper infecting developer IDEs
Malware Activity
First: 10.04.2026 16:23
Last: 10.04.2026 16:23
Sources 1
About this happening:
The **GlassWorm** malware set now uses a **Zig dropper** that can silently infect **all VS Code-based IDEs** on a developer's machine, widening the reach of the compromise. The pa...
GlassWorm open-source supply-chain campaign targeting developers
Campaign
First: 14.03.2026 14:55
Last: 14.03.2026 14:55
Sources 1
About this happening:
The **GlassWorm** campaign has added a new **Open VSX** wave of **73 cloned VS Code extensions** that impersonate legitimate packages to build trust before delivering malware. **S...
Latest development: 17.03.2026 23:42
GlassWorm renewed its supply-chain campaign against GitHub, npm, and VSCode/OpenVSX, with researchers identifying 433 compromised components this month across 200 GitHub Python repositories, 151 GitHub JS/TS repositories, 72 VSCode/OpenVSX extensions, and 10 npm packages. The operators compromised GitHub accounts to force-push malicious commits, published obfuscated code using invisible Unicode characters, and used Solana blockchain transactions as C2 to deliver a Node.js runtime and a JavaScript-based information stealer that targets cryptocurrency wallet data, credentials, access tokens, SSH keys, and developer environment data.
Windows 11 Insider Preview adds secure batch-file execution controls
Security Tool/Service
First: 27.02.2026 22:00
Last: 27.02.2026 22:00
Sources 1
About this happening:
**Microsoft** is adding a more secure batch-file and CMD-script execution mode in **Windows 11 Insider Preview builds**, which matters for **enterprise scripted workflows** that n...
Microsoft expands Purview DLP enforcement for Copilot across local and cloud Office files
Security Tool/Service
First: 24.02.2026 19:30
Last: 24.02.2026 19:30
Sources 1
About this happening:
Microsoft is expanding **Purview DLP** so **Microsoft 365 Copilot** cannot process restricted **Word, Excel, and PowerPoint** files stored on **local devices, SharePoint, or OneDr...
Timeline
- 23.01.2026 22:11 · 3 articles
Malicious VS Code extensions disclosed
Initial Disclosure: Koi identified two AI-themed extensions in Microsoft’s Visual Studio Code Marketplace, ChatGPT – 中文版 and ChatMoss (CodeMoss), as part of the MaliciousCorgi campaign after finding that they silently exfiltrated opened-file contents and edits from the VS Code client, could harvest up to 50 workspace files per command, and loaded analytics SDKs to profile developers while sending data to China-based servers.
Sources:
- Malicious AI extensions on VSCode Marketplace steal developer data — www.bleepingcomputer.com — 23.01.2026 22:11
- Malicious AI extensions on VSCode Marketplace steal developer data — www.bleepingcomputer.com — 23.01.2026 22:11
- Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code — thehackernews.com — 26.01.2026 17:43