thehackernews.com 1/26/2026, 4:36:10 PM

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have identified two malicious Visual Studio Code extensions marketed as AI coding assistants that secretly siphon developer data to servers in China, in a campaign dubbed MaliciousCorgi. The extensions, ChatGPT - 中文版 (ID: whensunset[.]chatgpt-china) with 1,340,869 installs and ChatGPT - ChatMoss(CodeMoss) (ID: zhukunpeng[.]chat-moss) with 151,751 installs, remain downloadable from the official Visual Studio Marketplace.

Koi Security said the extensions are functional, yet they also capture every file opened and every source code modification and send them to servers located in China without user knowledge or consent.

The spyware reads all file contents, encodes them in Base64, and transmits them to aihao123[.]cn for each edit. A real-time monitoring feature can trigger exfiltration of up to 50 files in a workspace, and a hidden iframe loads four analytics SDKs (Zhuge[.]io, GrowingIO, TalkingData, and Baidu Analytics) to fingerprint devices. The two extensions reportedly operate with identical malicious code under different publisher names.
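A defender-side check for the indicators reported above, as an added example that is not part of the original article or of Koi Security's tooling: it looks for the two extension IDs in a VS Code extensions folder and tests hostnames taken from DNS or proxy logs against the reported domain. The folder paths (`~/.vscode/extensions`, `~/.vscode-insiders/extensions`) and all function names are assumptions.

```python
import json
from pathlib import Path

# Extension IDs as reported on this page, kept in the page's defanged "[.]" form.
REPORTED_IDS = ["whensunset[.]chatgpt-china", "zhukunpeng[.]chat-moss"]
# Exfiltration domain as reported on this page (defanged form).
REPORTED_DOMAIN = "aihao123[.]cn"


def refang(value):
    """Turn a defanged indicator back into its literal form, lowercased."""
    return value.replace("[.]", ".").lower()


def find_flagged_extensions(ext_root, flagged_ids=REPORTED_IDS):
    """Return (extension id, version, folder name) for each installed extension
    whose publisher.name, read from its package.json, matches a flagged ID."""
    wanted = {refang(i) for i in flagged_ids}
    hits = []
    root = Path(ext_root)
    if not root.is_dir():
        return hits
    for manifest in sorted(root.glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(meta, dict):
            continue
        ext_id = f"{meta.get('publisher', '')}.{meta.get('name', '')}".lower()
        if ext_id in wanted:
            hits.append((ext_id, str(meta.get("version", "?")), manifest.parent.name))
    return hits


def host_matches(host, domain=REPORTED_DOMAIN):
    """True if a logged hostname is the reported domain or one of its subdomains."""
    host, target = host.lower().rstrip("."), refang(domain)
    return host == target or host.endswith("." + target)


if __name__ == "__main__":
    # Assumed per-user install folders for VS Code and VS Code Insiders.
    home = Path.home()
    for root in (home / ".vscode" / "extensions", home / ".vscode-insiders" / "extensions"):
        for ext_id, version, folder in find_flagged_extensions(root):
            print(f"FLAGGED {ext_id} {version} in {root / folder}")
```

Matching on the manifest's publisher and name rather than the folder name keeps the check independent of the installed version.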

The report also highlights broader supply chain concerns: six zero-day flaws in JavaScript package managers, grouped under the PackageGate umbrella, with some fixes rolled out in pnpm, vlt, and Bun and CVEs tracked for pnpm.

Article by CyberSIXT