VS Code Extensions Exfiltrate Developer Data
Cybersecurity researchers on Jan 26, 2026 discovered two malicious Microsoft Visual Studio Code extensions advertised as AI-powered coding assistants that covertly siphon developer data to China-based servers. The extensions have about 1.5 million combined installs and remained available from the official Visual Studio Marketplace at discovery, raising supply-chain and credential-exposure concerns. Organizations should audit installed extensions, rotate exposed secrets, and block the flagged packages.
Key Points
- 1Identify two VS Code extensions that covertly exfiltrate developer data to China-based servers
- 2Highlight scale: 1.5 million combined installs, indicating broad exposure of developer environments
- 3Warn practitioners to audit extensions, rotate secrets, and block malicious packages in repositories
Scoring Rationale
High practical impact and broad exposure, but limited independent verification and partial reporting reduce confidence.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems

