Malicious Microsoft VSCode AI extensions might have hit over 1.5 million users

• Two VSCode extensions exfiltrated sensitive user data to Chinese servers
• ChatGPT – 中文版 and ChatMoss had over 1.5 million installs combined
• Extensions used hidden iframes, commands, and SDKs to steal files and track activity

More than 1.5 million people may have had their sensitive data exfiltrated to Chinese hackers through two malicious extensions found on the VSCode Marketplace.

Security researchers at Koi Security said they discovered two malicious browser extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace, the official Microsoft store for code editor add-ons.

The extensions were advertised as AI-based coding assistants. Indeed, they worked as advertised, providing users with a simple and convenient way to access a Generative Artificial Intelligence (GenAI) tool to help with coding. However, the tools were also uploading sensitive data to a third-party server in China without telling the users about it.