"The VS Code extension recommendations can take two different forms: file-based, which are displayed as toast notifications when users open a file in specific formats, or software-based, which are suggested when certain programs are already installed on the host. "The problem: these recommended extensions didn't exist on Open VSX," Koi security researcher Oren Yomtov said. "The namespaces were unclaimed. Anyone could register them and upload whatever they wanted.""
"In other words, an attacker could weaponize the absence of these VS Code extensions and the fact that the AI-powered IDEs are VS Code forks to upload a malicious extension to the Open VSX registry, such as ms-ossdata.vscode-postgresql. As a result, any time a developer with PostgreSQL installed opens one of the aforementioned IDEs and sees the message "Recommended: PostgreSQL extension," a trivial install action is enough to result in the deployment of the rogue extension on their system instead. This simple act of trust can have severe consequences, potentially leading to the theft of sensitive data, including credentials, secrets, and source code."
Popular AI-powered VS Code forks such as Cursor, Windsurf, Google Antigravity, and Trae recommend extensions that are not present in the Open VSX registry. These IDEs inherit recommended-extension lists from Microsoft's extensions marketplace, while Open VSX lacks matching entries. Recommendations appear as file-based toast notifications or as software-based suggestions tied to installed programs. Unclaimed namespaces allow anyone to register those extension names and upload packages like ms-ossdata.vscode-postgresql. Developers installing a recommended extension can unknowingly deploy a rogue package, risking theft of credentials, secrets, and source code. A placeholder PostgreSQL extension attracted at least 500 installs, showing user trust in recommendations.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]