Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code - The Hacker News

Two malicious Visual Studio Code extensions, disguised as AI coding assistants, have been found siphoning developer source code and opened files to China-based servers. These extensions, with a combined 1.5 million installs, leverage covert spyware functionality to exfiltrate sensitive data in Base64 format and fingerprint devices via hidden analytics SDKs.