Security researchers have uncovered a malicious campaign dubbed MaliciousCorgi, targeting developers with AI-powered VS Code extensions. These extensions, disguised as helpful coding assistants, are secretly harvesting and transmitting developers' code to servers in China. Over 1.5 million developers have installed these compromised extensions, including "ChatGPT - 中文版" and "ChatMoss (CodeMoss)".

The extensions function as advertised, offering code suggestions and error explanations, making them appear legitimate. However, they also monitor file access in real-time and allow the server to remotely trigger the collection of up to 50 files at a time. This includes potentially sensitive information like API keys, credentials, and proprietary source code, which poses a significant security risk.

Further compounding the issue, the extensions incorporate hidden analytics SDKs to profile users, building detailed behavioral profiles. This allows attackers to target the most valuable code. Developers should be cautious about installing AI coding tools, ensuring they vet the tools for code security. This incident underscores the importance of scrutinizing extensions, even those from reputable marketplaces.

This incident highlights a growing concern in the AI-powered development space. With the increasing adoption of AI tools, developers must prioritize security and implement robust measures to protect their intellectual property. Going forward, developers need to be vigilant about the tools they use and the permissions they grant, and the development community will need to build better safeguards.