Malicious Microsoft VSCode AI extensions might have hit over 1.5 million users


More than 1.5 million people may have had their sensitive data exfiltrated to Chinese hackers through two malicious extensions found on the VSCode Marketplace. Security researchers at Koi Security said they discovered two malicious browser extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace, the official Microsoft store for code editor add-ons.

The extensions were advertised as AI-based coding assistants. Indeed, they worked as advertised, providing users with a simple and convenient way to access a Generative Artificial Intelligence (GenAI) tool to help with coding. However, the tools were also uploading sensitive data to a third-party server in China without telling the users about it.

Read more…
Source: TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • NSA Advocates Data Sharing Framework

    June 23, 2017

    The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...