AI-Slop ransomware test sneaks on to VS Code marketplace

A malicious VS Code extension called susvsex, created with AI, has been found to possess ransomware capabilities and was available on Microsoft’s official marketplace. Despite the extension's clearly malicious behavior, Microsoft has not removed it, raising concerns about the effectiveness of its vetting process.

Key points

  • The susvsex extension was designed with AI-generated code and has ransomware features.
  • It encrypts files using AES-256-CBC and exfiltrates data to a remote command-and-control server.
  • The malicious extension triggers its activity upon installation or launch of VS Code.
  • The extension polls a private GitHub repository for commands using a hardcoded personal access token (PAT).
  • Microsoft has not yet removed susvsex from the VS Code marketplace despite reports of its malicious functionality.
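
A triage check built from the indicators listed above, as an added example that is not code from the article or from the extension: it flags an extension whose manifest activates on every launch and whose source contains a GitHub token, GitHub API repository URLs, or AES-256-CBC encryption calls. The `*` and `onStartupFinished` activation events, the Node `createCipheriv` call, the function name and the sample input are assumptions, since the page does not show the extension's code.

```python
import json
import re

# Documented GitHub token shapes: classic PATs ("ghp_" + 36 chars) and
# fine-grained PATs ("github_pat_" + 82 chars).
TOKEN_RE = re.compile(r"\b(ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{82})\b")
# Activation events that run extension code on every VS Code start
# (assumed mapping for "triggers upon installation or launch").
BROAD_ACTIVATION = {"*", "onStartupFinished"}
# Assumption: the encryption is done through Node's crypto.createCipheriv.
CIPHER_RE = re.compile(r"createCipheriv\(\s*['\"]aes-256-cbc['\"]", re.I)
GITHUB_API_RE = re.compile(r"api\.github\.com/repos/", re.I)


def triage_extension(manifest_text, sources):
    """Return a sorted list of findings for one unpacked extension.

    manifest_text: contents of the extension's package.json
    sources: dict mapping file name -> JavaScript source text
    """
    findings = set()
    manifest = json.loads(manifest_text)
    if set(manifest.get("activationEvents", [])) & BROAD_ACTIVATION:
        findings.add("broad-activation")
    for name, text in sources.items():
        if TOKEN_RE.search(text):
            findings.add(f"hardcoded-github-token:{name}")
        if GITHUB_API_RE.search(text):
            findings.add(f"github-api-polling-candidate:{name}")
        if CIPHER_RE.search(text):
            findings.add(f"aes-256-cbc-encryption:{name}")
    return sorted(findings)


# Constructed sample input; not taken from the susvsex extension.
SAMPLE_MANIFEST = '{"name": "demo", "activationEvents": ["*"]}'
SAMPLE_SOURCES = {
    "extension.js": (
        'const TOKEN = "ghp_' + "A" * 36 + '";\n'
        'const url = "https://api.github.com/repos/example/example/contents/cmd";\n'
        'const c = crypto.createCipheriv("aes-256-cbc", key, iv);\n'
    ),
    "util.js": "module.exports = { add: (a, b) => a + b };\n",
}

if __name__ == "__main__":
    for finding in triage_extension(SAMPLE_MANIFEST, SAMPLE_SOURCES):
        print(finding)
```

Any single finding is common in legitimate extensions; the combination of all four in one extension is what warrants manual review.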

Read More: https://www.bleepingcomputer.com/news/security/ai-slop-ransomware-test-sneaks-on-to-vs-code-marketplace/