AI-Created Malicious VS Code Extension and Trojanized npm Packages Raise New Supply Chain Security Concerns

Title: Concerns Rise Over AI-Generated Malicious VS Code Extension and Compromised npm Packages in Supply Chain Security

In recent developments in cybersecurity, researchers have uncovered a malicious extension for Visual Studio Code (VS Code) that appears to have been crafted using artificial intelligence. This alarming discovery highlights the emergence of a new category of malware that some experts have termed “vibe-coded.” The extension, referred to as “susvsex,” was flagged by Secure Annex researcher John Tuckner, who pointed out that it openly flaunts its harmful intentions without any attempt at obfuscation.

Discovered on November 5, 2025, the extension was uploaded by a user under the pseudonym “suspublisher18.” The description accompanying the extension made a startling revelation: it claimed to automatically compress, upload, and encrypt files from designated directories on Windows and macOS systems upon initial launch. The deceptive summary simply read “Just testing,” accompanied by a non-working email address. In response to this security threat, Microsoft promptly removed the extension from its official VS Code Marketplace.

Tuckner explained that the malicious extension was designed to trigger automatically during installation or when launched, activating a function called “zipUploadAndEncrypt.” This function was capable of compressing files from a predefined directory, exfiltrating sensitive data to an external server, and replacing the original files with encrypted versions. Although the initial target directory was set to a test staging area, minimizing immediate risks, Tuckner cautioned that it could easily be modified to target more sensitive locations in future updates or through commands sent via its command-and-control (C2) channel.

Adding to the complexity of this threat, the malicious VS Code extension utilized GitHub as part of its C2 infrastructure. It communicated with a private repository to receive commands from its operator and transmitted execution results back using a GitHub token embedded in the code. The repository was associated with a user identified as “aykhanmv” from Baku, Azerbaijan, whose account remains active, raising further concerns about the potential for ongoing malicious activities.

Tuckner noted several indications that the code was generated using AI, including excessive comments detailing functionality, README files with execution instructions, and placeholder variables—all suggestive of “vibe coded” malware. Notably, the package also contained unintentional inclusions such as decryption tools, C2 server code, and GitHub access keys, which could potentially enable other individuals to seize control of the server.

This incident coincides with another alarming discovery reported by Datadog Security Labs, which identified 17 malicious npm packages spreading the Vidar Infostealer malware. These packages, uploaded between October 21 and 26, 2025, masqueraded as legitimate SDKs but executed harmful post-install scripts that fetched malware from external servers.

These recent occurrences underscore an escalating threat landscape fueled by AI-assisted malware development, alongside the continuous risk of supply chain attacks within open-source ecosystems, such as npm, PyPI, RubyGems, and Open VSX. Cybersecurity experts are urging developers to adopt a proactive stance, emphasizing the importance of verifying sources and meticulously scrutinizing dependencies to mitigate the risk of compromise.

As the cyber threat landscape evolves, it is crucial for developers and organizations to remain vigilant. The rise of AI-generated malware represents not just a technical challenge but also a significant shift in the tactics employed by cybercriminals. By fostering a culture of security awareness and implementing robust verification processes, stakeholders can better protect themselves in this increasingly complex environment.

In conclusion, the emergence of AI-created malicious software, exemplified by the recent findings related to the VS Code extension and npm packages, highlights a troubling trend in supply chain security. This phenomenon necessitates an urgent response from the developer community to enhance their security practices and mitigate the risks associated with these sophisticated attacks. As cyber threats become more advanced, staying informed and prepared will be vital in safeguarding sensitive data and maintaining the integrity of software ecosystems.

**FAQ Section**

1. **What is a “vibe-coded” malware?**
“Vibe-coded” malware refers to malicious software that is created or generated using artificial intelligence tools, often exhibiting characteristics indicative of automated code generation, such as excessive comments and placeholder variables.

2. **What does the malicious VS Code extension do?**
The malicious VS Code extension, named “susvsex,” compresses, uploads, and encrypts files from specific directories on Windows and macOS systems, exfiltrating sensitive data to a remote server.

3. **How was the extension discovered?**
Cybersecurity researchers from Secure Annex discovered the extension during routine security checks, which revealed its harmful capabilities and led to its removal from the VS Code Marketplace by Microsoft.

4. **What steps can developers take to avoid compromised packages?**
Developers should practice due diligence by verifying the sources of their packages, reviewing dependencies carefully, and employing tools to scan for vulnerabilities and malicious code.

5. **Why is AI a concern in malware development?**
The utilization of AI in malware development raises concerns due to its ability to produce sophisticated and evasive malicious code that can bypass traditional security measures, making it more difficult to detect and neutralize.

6. **What other platforms are at risk of similar attacks?**
Besides npm, other open-source ecosystems such as PyPI, RubyGems, and Open VSX are also at risk of supply chain attacks, as they can be exploited by malicious actors to distribute harmful packages.