Malicious helpers: VS Code Extensions observed stealing sensitive information

ReversingLabs researchers discovered multiple VS Code Marketplace extensions from the publisher VSAnalysistest that captured clipboard contents and solicited credentials, then exfiltrated the data via Discord webhooks. The affected extensions (clipboard-helper-vscode, code-ai-assistant, codegpt-helper, mycodegpt-assistant) used standard activation events and extension.js JavaScript to run, collect, and transmit sensitive data.

Keypoints

  • ReversingLabs found four malicious VS Code extensions published by the same author (VSAnalysistest) that stole data and sent it to Discord webhooks.
  • Extensions used package.json activationEvents to trigger execution of extension.js and run the activate function when commands/events occurred.
  • clipboard-helper-vscode polled the clipboard every two seconds and sent changed clipboard contents to a Discord webhook, with a max-send limit set to 3.
  • code-ai-assistant, codegpt-helper, and mycodegpt-assistant prompted users for API keys or passwords via input boxes and exfiltrated the entered credentials to Discord.
  • Malicious code was implemented in JavaScript within the extension entry file and closely mirrored Microsoft tutorial sample code (helloWorld), suggesting early-stage or test tooling.
  • All four extensions were removed from the VS Code Marketplace and had very low installation/download counts, limiting observed impact.

MITRE Techniques

  • [T1059.006] JavaScript – Malicious logic was implemented and executed in the extension entry file (extension.js): ‘the function activate in extension’s entry file is executed.’
  • [T1115] Clipboard Data – The extension monitored clipboard contents and exfiltrated any changes: ‘checks every two seconds to see if the stored clipboard data has changed. If it has, the new clipboard data is sent over a Discord webhook.’
  • [T1056] Input Capture – Extensions solicited credentials via input prompts and captured the entries: ‘developers…are prompted with an input box asking for an “API key”. Placeholder text…enter their GitHub password, which is then saved and exported over a Discord webhook.’
  • [T1041] Exfiltration Over C2 Channel – Stolen data was transmitted out-of-band using Discord webhooks: ‘sent over a Discord webhook.’
  • [T1204] User Execution – Activation depended on user-invoked commands/events (e.g., chatgpt.updateAPIkey, helloWorld) to trigger malicious behavior: ‘when the command chatgpt.updateAPIkey is executed … the function activate … is executed.’

Indicators of Compromise

  • [Extension ID] malicious VS Code package identifiers – VSAnalysistest.clipboard-helper-vscode, VSAnalysistest.code-ai-assistant, and others
  • [SHA1 hashes] extension package hashes – edf04024c6e0a8927f04a26edcde4374b365e16d, 14f4a6f3e872c3367e6ddec16a2b183176a091c8, and 4 more hashes
  • [File names] extension entry and manifest files observed – extension.js, package.json (activationEvents present)
  • [Commands/activation events] triggers observed – chatgpt.updateAPIkey, helloWorld

Technical procedure

The malicious VS Code extensions leveraged the standard VS Code extension lifecycle: package.json defined activationEvents (commands or other triggers) that cause VS Code to call the exported activate function in the extension entry file (extension.js). When specific activation events occurred (for example, the chatgpt.updateAPIkey command or the tutorial helloWorld command), the JavaScript code in extension.js executed and performed data-collection routines. The extensions mirrored Microsoft tutorial scaffolding to appear benign while inserting data-stealing logic into the activate path.

For data capture, one extension (clipboard-helper-vscode) implemented a polling loop that checked the system clipboard every two seconds and, on change, queued the new clipboard contents for transmission; a counter limited sends to three occurrences. Other extensions presented an input box requesting an “API key” (with placeholder text prompting developers to enter GitHub credentials), stored the provided value, and prepared it for exfiltration. All capture routines were implemented in JavaScript within the extension context and invoked from the activate function.

Exfiltration was performed by sending the collected items to a Discord webhook URL embedded in extension.js, effectively using a web-based channel to transmit stolen data. Because the code was simple and resembled tutorial examples, these samples appear to be early-stage or test implementations; however, the technical pattern—activation-triggered JavaScript execution, input/clipboard capture, and webhook exfiltration—presents a repeatable supply-chain risk for VS Code Marketplace consumers.

Read more: https://www.reversinglabs.com/blog/malicious-helpers-vs-code-extensions-observed-stealing-sensitive-information