Malicious VS Code Extension Discovered with Ransomware Capabilities

A Visual Studio Code extension with ransomware functionality, apparently created using artificial intelligence, was discovered and removed from the official VS Code Extension Marketplace. Security researcher John Tuckner identified the extension, named "susvsex," which contained capabilities to zip, upload, and encrypt user files.

The extension, uploaded on November 5, 2025, by "suspublisher18," made no attempt to hide its malicious nature, explicitly describing its ransomware capabilities and encryption processes in its documentation. Microsoft removed the extension on November 6 after being alerted to the threat.

How the Malicious Extension Operated

The "susvsex" extension represented a concerning development in supply chain attacks targeting developer tools. Unlike many sophisticated types of malware that attempts to conceal its true purpose, this extension was surprisingly transparent about its capabilities.

"Automatically zips, uploads, and encrypts files from C:UsersPublictesting (Windows) or /tmp/testing (macOS) on first launch," read the extension's description. While targeting test directories initially, the code could be easily modified to target critical files.

According to Tuckner's analysis, the extension activated automatically on any event, including installation or when launching VS Code. It would then invoke a function called "zipUploadAndEncrypt" that performed three key actions:

1. Create a ZIP archive of files in the target directory
2. Exfiltrate the archive to a remote server
3. Replace the original files with encrypted versions

Beyond encryption capabilities, the extension utilized GitHub as a command-and-control (C2) channel, regularly checking a private repository for new commands by parsing an "index.html" file. After executing commands, it would write results back to the same repository in a "requirements.txt" file using an embedded GitHub access token.

"Extraneous comments which detail functionality, README files with execution instructions, and placeholder variables are clear signs of 'vibe-coded' malware," Tuckner noted, referring to the AI-assisted creation of the malicious code. The GitHub account linked to the repository, "aykhanmv," reportedly belonged to a developer from Baku, Azerbaijan.

Most surprisingly, the extension package accidentally included decryption tools, C2 server code, and GitHub access keys that could allow others to take control of the command infrastructure.

Technical Analysis and IOCs

For security professionals investigating similar threats, here are the key indicators of compromise (IOCs) associated with this malware:

• Extension name: "susvsex"
• Publisher: "suspublisher18"
• GitHub repository: Associated with user "aykhanmv"
• Target directories: C:UsersPublictesting (Windows) and /tmp/testing (macOS)
• Command function: "zipUploadAndEncrypt"

Security teams should implement monitoring for suspicious extension installations and unusual file encryption activities, particularly in development environments.

Trojanized NPM Packages Deliver Information Stealer

In a related development, Datadog Security Labs uncovered 17 npm packages designed to deliver the Vidar Stealer malware while masquerading as legitimate software development kits. This marks the first known instance of the Vidar information stealer being distributed through the npm registry.

The malicious packages, tracked as MUT-4831, were initially detected on October 21, 2025, with subsequent uploads occurring over the following days. Published by accounts named "aartje" and "saliii229911," the packages used names like "abeya-tg-api," "bael-god-api," and "telegram-bot-starter."

Though the accounts have since been banned, the libraries were downloaded at least 2,240 times before removal. However, Datadog noted that many downloads may have come from automated scrapers rather than actual victims.

The attack mechanism was straightforward but effective. Upon installation, a postinstall script specified in the "package.json" file would download a ZIP archive from an external server using the domain "bullethost[.]cloud" and execute the Vidar malware that steals sensitive information contained within.

The Vidar 2.0 samples used hard-coded Telegram and Steam accounts as dead drop resolvers to identify the actual C2 server. Some variants employed a PowerShell script embedded directly in the package.json file to download the ZIP archive before passing control to a JavaScript file to complete the attack.

"It is not clear why MUT-4831 chose to vary the postinstall script in this way," explained security researchers Tesnim Hamdouni, Ian Kretz, and Sebastian Obregoso. "One possible explanation is that diversifying implementations can be advantageous to the threat actor in terms of surviving detection."

Historical Context of NPM Supply Chain Attacks

This incident follows a troubling pattern of supply chain attacks targeting open-source package repositories. In previous years, similar techniques have been observed with packages like "ua-parser-js" and "event-stream," which affected millions of downstream applications. The targeting of developer tools represents an efficient attack vector as compromised dependencies can affect numerous organizations through a single successful infiltration.

Rising Threat to Open-Source Ecosystems

These incidents add to a growing list of supply chain attacks targeting open-source ecosystems including npm, PyPI, RubyGems, and Open VSX. The increasing sophistication of these attacks, particularly with AI assistance, presents a significant threat to developers who rely on these repositories.

The discovery of the malicious VS Code extension underscores how AI tools might be lowering the barrier to entry for creating sophisticated malware. The extensive documentation and comments in the code, along with included decryption tools, suggest an inexperienced attacker potentially using AI to generate the malicious functionality.

How Developers Can Protect Themselves

Given the rising threat level, developers should implement several defensive measures:

1. Carefully review extension and package descriptions for suspicious language or functionality
2. Check developer reputation and history before installation
3. Be wary of new extensions with few downloads or reviews
4. Verify changelogs and inspect code when possible
5. Watch for typosquatting attempts that mimic legitimate package names
6. Use security tools that can scan dependencies for known malicious code
7. Implement integrity checking and validation of packages before installation
8. Consider using reliable malware removal and prevention tools in development environments

Developers should establish separate development environments with limited access to production systems whenever possible to limit the potential impact of malicious extensions or packages.

Security Implications for Organizations

The combination of AI-assisted malware development and attacks on developer tools creates significant security concerns for organizations. Developer environments typically have privileged access to source code and production systems, making them high-value targets.

These incidents highlight how even specialized developer tools can become vectors for ransomware and data theft. Organizations should implement strict controls around extension installation and regularly audit development environments for unauthorized or suspicious extensions.

Practical Mitigation Strategies

Organizations should consider implementing these specific security controls:

• Extension Whitelisting: Only allow pre-approved extensions from trusted sources
• Code Signing Requirements: Require signed extensions with verified certificates
• Isolated Development Environments: Separate development environments from production access
• Routine Security Scans: Regular scanning of development environments for suspicious activity
• Developer Training: Educate development teams about supply chain risks and warning signs

According to CISA's guidance on software supply chain security, organizations should implement a formal software bill of materials (SBOM) to track all dependencies and monitor for security vulnerabilities.

Using This Information

This information can be valuable for:

1. Reviewing your development environment for potentially malicious extensions or packages
2. Implementing stronger controls over what extensions and packages developers can install
3. Training development teams on recognizing signs of malicious packages before installation

As AI tools become more accessible, security teams must adapt to new threat models where attackers can leverage these technologies to create increasingly sophisticated malware. Like how Netflix's "Black Mirror" predicted technology's darker possibilities, we're seeing the emergence of AI-assisted threats that blend technical capability with deceptive presentation.