Full Report
A malicious extension with basic ransomware capabilities, seemingly created with the help of AI, has been published on Microsoft's official VS Code marketplace. [...]
Analysis Summary
# Incident Report: AI-Generated Ransomware Extension on VS Code Marketplace
## Executive Summary
A malicious Visual Studio Code (VS Code) extension named `susvsex`, published by user `suspublisher18`, was discovered on Microsoft's official marketplace. The extension contained rudimentary ransomware capabilities, including file encryption (AES-256-CBC) and exfiltration of data to a remote server, and was likely created with AI assistance ("AI slop"). After a researcher reported it to Microsoft, the extension remained live for a time before its eventual removal.
## Incident Details
- **Discovery Date:** November 6, 2025 (Date of researcher publication/report)
- **Incident Date:** Unknown (Extension was published and active prior to discovery)
- **Affected Organization:** Developers installing the malicious extension.
- **Sector:** Technology/Software Development Tools (VS Code Marketplace)
- **Geography:** The owner of the C2 server appeared to be located near Azerbaijan; the impact is global because the extension was available on the public marketplace.
## Timeline of Events
### Initial Access
- **Date/Time:** Prior to November 6, 2025
- **Vector:** Malicious code shipped inside an extension published to the official VS Code Marketplace.
- **Details:** The extension `susvsex` was uploaded to the official VS Code marketplace. Malicious code resided in the `extension.js` file, containing hardcoded C2 addresses, encryption keys, and IP information.
### Lateral Movement
- **Details:** The extension was programmed to poll a private GitHub repository using a hardcoded Personal Access Token (PAT) to check for commands, indicating a mechanism for remote attacker control.
### Data Exfiltration/Impact
- **Details:** Upon activation (on installation or VS Code launch), the extension executed the `zipUploadAndEncrypt` function. It located specified target directories, zipped the contents, exfiltrated the archive to a hardcoded C2 address, and then replaced the original files with AES-256-CBC encrypted versions.
### Detection & Response
- **Detection:** Discovered and reported by Secure Annex researcher John Tuckner on or before November 6, 2025.
- **Response Actions:** The researcher reported the issue to Microsoft. The extension was still listed at the time of the initial report but was removed before the article was published.
## Attack Methodology
- **Initial Access:** Publishing a malicious extension to a trusted repository (VS Code Marketplace).
- **Persistence:** Activation occurred on VS Code launch or installation.
- **Privilege Escalation:** Not explicitly detailed, but execution relies on permissions granted to the VS Code extension environment on the developer's machine.
- **Defense Evasion:** None observed; the extension's description openly advertised its malicious behaviour rather than concealing it.
- **Credential Access:** Not directly targeted, but the extension used a hardcoded PAT to access a private GitHub repository, exposing that token to anyone who inspects the extension's source.
- **Discovery:** The extension enumerated the contents of its predefined target directories on the local file system.
- **Lateral Movement:** Command and control was established by polling a private GitHub repository for instructions.
- **Collection:** Files in the target directories were archived into a ZIP file.
- **Exfiltration:** Exfiltration of the ZIP archive to a hardcoded C2 IP/address.
- **Impact:** File encryption (basic ransomware) and data theft.
## Impact Assessment
- **Financial:** Not specified, but potential for significant loss due to compromised intellectual property or project files for developers.
- **Data Breach:** Unspecified volume of user files targeted for theft and encryption. Data targeted appears to be project/source code files.
- **Operational:** If installed, developers would face immediate operational disruption due to file encryption.
- **Reputational:** Damage to trust in the integrity of Microsoft's VS Code Marketplace vetting process.
## Indicators of Compromise
- **Network indicators (Defanged):** Outbound connections to the hardcoded C2 address and polling of a private GitHub repository; the source article does not disclose the C2 IP or domain, so no defanged value can be listed here.
- **File indicators:** Presence of the `susvsex` extension; creation of encrypted file versions; presence of the marker text file.
- **Behavioral indicators:** Execution of `extension.js` upon VS Code launch; creation of ZIP archives containing target user files; outbound network connections to an undisclosed C2 server.
## Response Actions
- **Containment Measures:** Reporting the malicious extension to Microsoft for removal.
- **Eradication Steps:** Microsoft needed to delist the extension from the marketplace (done before the article was published). Users who installed it would need to remove the extension manually and attempt file recovery.
- **Recovery Actions:** Not specified, but it is assumed that manual decryption or restoration from backups would be required for affected users.
## Lessons Learned
- **Key Takeaways:** AI-generated malicious code is accessible and being deployed rapidly into trusted software supply chains. Explicitly advertising malicious intent does not guarantee immediate removal by platform gatekeepers.
- **What could have been done better:** Microsoft's security vetting process for the VS Code Marketplace failed to detect and remove an extension that overtly advertised ransomware and data theft capabilities.
## Recommendations
- **Prevention measures for similar incidents:** Implement rigorous, automated static and dynamic analysis of extension code before publishing, irrespective of the extension's description. Review and significantly tighten security vetting for all newly published extensions, especially those interacting with the file system. Developers should restrict extension permissions where possible and be highly cautious about installing extensions from unknown publishers.