Malicious AI-made extension with ransomware capabilities sneaks on to Microsoft's official VS Code marketplace - so devs beware

• Malicious VS Code extension ‘susvsex’ acted as ransomware and used GitHub for command control
• Extension appeared AI-generated, with embedded decryption keys and suspicious metadata
• Microsoft removed it after public pressure, raising concerns about marketplace review gaps

A malicious extension was published on Microsoft’s official VS Code marketplace, and was able to remain there for some time gathering downloads and infecting people’s computers.

Security researcher John Tuckner from Secure Annex found and reported the extension to Microsoft, noting the extension worked as ransomware and to make matters worse, made it “blatantly malicious” by stating, in the description, exactly what it does: “VS Code extension that automatically zips, uploads, and encrypts files from C:\Users\Public\testing on Windows.”

He also explained that the extension, called ‘susvsex’, utilized GitHub as a command-and-control channel and that it was obviously vibe-coded (written with the help of AI and natural ...