Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
GIGAZINE

A report that a fake VSCode extension was created and downloaded and that a flaw in the VSCode extension system that makes it easy to insert malicious code was also revealed

Microsoft's text editor 'Visual Studio Code (VSCode)' allows you to add functions and customize the appearance by introducing extensions. Security researchers released 'fake extensions that insert ...
How-To Geek on MSN

Visual Studio Code has new experimental themes and more AI coding features

The January 2026 update has arrived.
The Hacker News

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware, giving attackers persistent remote ...
Bleeping Computer

Latest Visual Studio Code news

A hacker planted data wiping code in a version of Amazon's generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. Modern attacks have shifted focus to the browser, yet ...