In a suspected test effort, unknown actors have successfully embedded a strain of ransomware-style behavior, dubbed Ransomvibe, into extensions listed for Visual Studio Code.
According to Secure Annex findings, the malicious code published to the VSCode extension marketplace was clearly vibe-coded, lacking any real sophistication.
“This is not a sophisticated example as the command and control server code was accidentally(?) included in the published extension’s package along with decryption tools,” said Secure Annex’s John Tuckner, adding that the extension included a “blatantly malicious” marketplace description.
Despite the extension carrying obvious red flags, the code slipped past Microsoft’s review filters and remains available even after being reported, Tuckner said in an X post.
The malicious code includes file encryption and theft capabilities.
Obvious AI-slop in the “Ransomvibe” POC
According to Tuckner, the malicious Visual Studio Code extension, named “suspicious VSX” and published under the equally telling alias “Suspicious publisher,” was hiding its payload in plain sight.
The extension, listed as “suspublisher18.susvsex”, included a “package.json” that activated the extension on any event, even during installation, while offering command palette utilities to “test command and control” functions. Inside the “extension.js” entrypoint, researchers found hardcoded variables including the server URL, encryption keys, C2 destinations, and polling intervals. Most of these variables carried comments indicating the code was generated through AI.
When triggered, the extension initiates compression and encryption of files inside a designated directory, uploading them to a remote command server.
Tuckner noted that the target directory was configured for testing, but could easily be swapped for a real filesystem path in a future update or by remote command. The extension contained two decryptors, one in Python and one in Node, along with a hardcoded decryption key, eliminating the possibility of malicious intent.
Extension pointed to a GitHub-based C2
Ransomvibe deployed a rather unusual GitHub-based command-and-control (C2) infrastructure, instead of relying on traditional C2 servers. The extension used a private GitHub repository to receive and execute commands. It routinely checked for new commits in a file named “index.html”, executed the embedded commands, and then wrote the output back into “requirements.txt” using a GitHub Personal Access Token (PAT) bundled inside the extension.
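The traits described above (a package.json that activates on every event, a GitHub token bundled in the entrypoint, polling of api.github.com, shell execution alongside encryption) are all visible statically in an unpacked extension folder. The following script is an added example of how a defender could audit an extensions directory for that combination; it is not Secure Annex’s tool or code from the extension itself. The indicator patterns, the risk threshold and the two sample extensions it builds (including the placeholder token) are constructed for the demonstration.

```python
"""Static audit of unpacked VS Code extensions for the red flags discussed
above: wildcard activation, a bundled GitHub token, GitHub API polling, and
shell execution next to crypto in the entrypoint. Added example; the sample
extensions it creates are constructed fixtures, not the real package."""
import json
import re
import tempfile
from pathlib import Path

# Each indicator is a weak signal on its own; the audit reports the combination.
INDICATORS = {
    # Classic (ghp_/gho_/ghu_/ghs_/ghr_) and fine-grained GitHub token formats.
    "github_token": re.compile(
        r"\b(?:gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{22,})\b"),
    "github_api": re.compile(r"api\.github\.com"),
    "shell_exec": re.compile(r"require\(['\"]child_process['\"]\)"),
    "crypto": re.compile(r"require\(['\"]crypto['\"]\)"),
    "polling": re.compile(r"\bsetInterval\s*\("),
}
# Hits from this many distinct indicators mark an extension as high risk (assumed threshold).
HIGH_RISK_THRESHOLD = 3


def audit_extension(ext_dir: Path) -> dict:
    """Return {'id', 'findings', 'high_risk'} for one unpacked extension folder."""
    findings = []
    pkg_file = ext_dir / "package.json"
    pkg = json.loads(pkg_file.read_text()) if pkg_file.exists() else {}
    # "*" means the extension activates on every startup, before the user invokes
    # anything; legitimate for some extensions, but always worth listing.
    if "*" in pkg.get("activationEvents", []):
        findings.append("activation_on_any_event")
    for js in ext_dir.rglob("*.js"):
        text = js.read_text(errors="ignore")
        for name, pattern in INDICATORS.items():
            if name not in findings and pattern.search(text):
                findings.append(name)
    ext_id = f"{pkg.get('publisher', '?')}.{pkg.get('name', ext_dir.name)}"
    return {"id": ext_id, "findings": findings,
            "high_risk": len(findings) >= HIGH_RISK_THRESHOLD}


def audit_all(extensions_root: Path) -> list:
    """Audit every extension folder under an extensions directory."""
    return [audit_extension(d) for d in sorted(extensions_root.iterdir()) if d.is_dir()]


def build_sample_extensions(root: Path) -> None:
    """Write two constructed fixtures: one benign, one carrying the red flags."""
    benign = root / "example.hello-0.0.1"
    benign.mkdir(parents=True)
    (benign / "package.json").write_text(json.dumps({
        "name": "hello", "publisher": "example", "main": "./extension.js",
        "activationEvents": ["onCommand:hello.sayHi"]}))
    (benign / "extension.js").write_text(
        "const vscode = require('vscode');\n"
        "exports.activate = () => vscode.window.showInformationMessage('hi');\n")

    bad = root / "sample.suspicious-0.0.1"
    bad.mkdir(parents=True)
    (bad / "package.json").write_text(json.dumps({
        "name": "suspicious", "publisher": "sample", "main": "./extension.js",
        "activationEvents": ["*"]}))
    fake_token = "ghp_" + "A" * 36  # constructed placeholder, not a real token
    (bad / "extension.js").write_text(
        "const { execSync } = require('child_process');\n"
        "const crypto = require('crypto');\n"
        f"const TOKEN = '{fake_token}';\n"
        "const C2 = 'https://api.github.com/repos/placeholder-owner/placeholder-repo"
        "/contents/index.html';\n"
        "exports.activate = () => setInterval(() => { /* poll placeholder */ }, 60000);\n")


def audit_constructed_sample() -> dict:
    """Build the fixtures in a temporary directory and audit them, keyed by extension id."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_extensions(Path(tmp))
        return {r["id"]: r for r in audit_all(Path(tmp))}


if __name__ == "__main__":
    for report in audit_constructed_sample().values():
        print(report)
    # To audit a real installation, call audit_all(Path.home() / ".vscode" / "extensions").
```

On a real machine the same `audit_all` call over `~/.vscode/extensions` produces one report per installed extension; because `rglob` also walks bundled node_modules, treat the per-indicator hits as leads to read, not as verdicts, and tune the threshold to your environment.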
Apart from enabling exfiltration of host data, this C2 behavior exposed the attacker’s own environment, traces of which pointed to a GitHub user in Baku, whose time zone matched the system data logged by the malware itself.
Secure Annex calls this a textbook example of AI-assisted malware development, featuring misplaced source files (including decryption tools and the attacker’s C2 code) and a README.md file that explicitly describes its malicious functionality. But Tuckner argues that the real failure lies in Microsoft’s marketplace review system, which failed to flag the extension.
Microsoft said it had removed the extension from the marketplace. Every extension’s page in the marketplace contains a “Report Abuse” link, and the company investigates all reports, it said; where the malicious nature of an extension is verified, or where a vulnerability is found in an extension dependency, the extension is removed from the marketplace, added to a block list, and automatically uninstalled by VS Code, it said. Enterprises wishing to prevent access to the marketplace can do so by blocking specific endpoints, it added.
Recent incidents have shown that malicious or careless extensions are becoming a recurring problem in the Visual Studio Code ecosystem, with some leaking credentials and others quietly stealing code or mining cryptocurrency. Along with a list of IOCs, Secure Annex released the Secure Annex Extension Manager, a tool designed to block known malicious extensions and inventory installed add-ons across an organization.