Malicious AI extensions on VSCode Marketplace steal developer data

Two malicious Visual Studio Code extensions on the VSCode Marketplace — ChatGPT – 中文版 and ChatMoss (CodeMoss) — collectively installed about 1.5 million times, secretly exfiltrate developer files and data to China-based servers as part of a campaign dubbed MaliciousCorgi. They pose as AI coding assistants but quietly upload opened files (encoded in Base64), can harvest up to 50 workspace files on command, and use hidden analytics SDKs (Zhuge.io, GrowingIO, TalkingData, Baidu Analytics) to fingerprint and profile users without consent.

Key points

  • Two malicious VS Code extensions with a combined 1.5 million installs exfiltrate developer data to China-based servers.
  • The extensions advertise AI coding assistance but do not disclose file uploads or obtain user consent.
  • Data collection uses three mechanisms: real-time Base64 upload of opened files, server-triggered harvesting of up to 50 workspace files, and hidden analytics SDKs for profiling.
  • Koi Security attributes the campaign to “MaliciousCorgi” and found both extensions share the same spyware code and backend servers.
  • The undocumented behavior risks exposing source code, configuration files, cloud credentials, and .env secrets; Microsoft has been contacted for comment.
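
For defenders auditing installed extensions, the following Node.js triage pass is an added example, not code from Koi Security or the original article. It flags extension source that combines file-access hooks, Base64 encoding and outbound network calls, the combination the key points describe. The regex patterns, verdict names and function names are assumptions chosen for illustration; the page does not state which APIs the extensions used.

```javascript
// Added example; the patterns are assumed heuristics, not indicators from the report.
const SIGNALS = {
  fileOpenHook: /\bonDid(Open|Change)TextDocument\b/, // fires as files are opened or edited
  bulkFileRead: /\bworkspace\.findFiles\b/,           // enumerates workspace files
  base64Encode: /toString\(\s*['"]base64['"]\s*\)|\bbtoa\s*\(/,
  network: /\bfetch\s*\(|\bhttps?\.request\s*\(|\baxios\b|\bXMLHttpRequest\b|\bWebSocket\b/,
};

// files: { path: sourceText }. Signals are merged across files because bundles split logic.
function assess(files) {
  const evidence = {};
  for (const [path, text] of Object.entries(files)) {
    for (const [name, re] of Object.entries(SIGNALS)) {
      if (re.test(text)) (evidence[name] = evidence[name] || []).push(path);
    }
  }
  const readsFiles = Boolean(evidence.fileOpenHook || evidence.bulkFileRead);
  let verdict = 'no-file-access';
  // File access plus network is normal for an AI assistant; the verdict only ranks
  // which extensions to compare against their disclosed behavior first.
  if (readsFiles && evidence.network) verdict = evidence.base64Encode ? 'review-first' : 'review';
  else if (readsFiles) verdict = 'local-only';
  return { verdict, evidence };
}

// Reads every JavaScript file under one extension directory into { path: text }.
async function loadExtension(dir) {
  const fs = await import('node:fs');
  const path = await import('node:path');
  const files = {};
  const walk = (d) => {
    for (const e of fs.readdirSync(d, { withFileTypes: true })) {
      const p = path.join(d, e.name);
      if (e.isDirectory()) walk(p);
      else if (/\.(js|cjs|mjs)$/.test(e.name)) files[p] = fs.readFileSync(p, 'utf8');
    }
  };
  walk(dir);
  return files;
}

// Constructed inputs: token fragments only, not real extension code.
const SAMPLE_SUSPECT = {
  'out/ext.js': 'vscode.workspace.onDidOpenTextDocument(h);',
  'out/net.js': 'b.toString("base64"); https.request(o);',
};
const SAMPLE_BENIGN = { 'out/fmt.js': 'vscode.workspace.onDidOpenTextDocument(format);' };
```

To audit a real install, pass one directory from the VS Code extensions folder (by default `~/.vscode/extensions`) to `loadExtension` and feed the result to `assess`.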

Read More: https://www.bleepingcomputer.com/news/security/malicious-ai-extensions-on-vscode-marketplace-steal-developer-data/