Themata.AI
Themata.AI

Popular tags:

#developer-tools#ai-agents#llms#claude#ai-ethics#code-generation#ai-safety#openai#anthropic#discussion

AI is changing the world. Don't stay behind. Clear summaries, community insight, delivered without the noise. Subscribe to never miss a beat.

© 2026 Themata.AI • All Rights Reserved

Privacy

|

Cookies

|

Contact
Back to all news
ai-assistantsdeveloper-toolsmalicious-extensionscode-security

MaliciousCorgi: AI Extensions send your code to China

Malicious VS Code AI Extensions Harvesting Code from 1.5M Devs

koi.ai

February 2, 2026

5 min read

🔥🔥🔥🔥🔥

49/100

Summary

Malicious AI extensions for Visual Studio Code are harvesting code from approximately 1.5 million developers. Many of these extensions, despite being in official marketplaces and having positive reviews, exploit granted access to workspaces and files for unauthorized data collection.

Key Takeaways

  • Two malicious VS Code extensions, identified as part of the MaliciousCorgi campaign, have a combined 1.5 million installs and capture every file opened and edited by users, sending this data to servers in China without consent.
  • The extensions operate three hidden data collection channels: real-time file monitoring, mass file harvesting, and a profiling engine that tracks user behavior and builds identity profiles.
  • The extensions are marketed as AI coding assistants and function as expected, making them particularly dangerous as they exploit user trust while exfiltrating sensitive code and personal data.
  • The server controlling the extensions can trigger mass file collection remotely, allowing for the potential exfiltration of up to 50 files without any user interaction.
Read original article

Community Sentiment

Negative

Concerns

  • The concern about AI extensions potentially sending code to external servers raises significant security and privacy issues, highlighting a major risk in using such tools.
  • There is a strong sentiment against using AI plugins in VS Code due to fears of data leakage, which could undermine trust in AI-assisted development.
  • The comparison of VS Code with other editors suggests that many users prefer faster and more secure alternatives, indicating dissatisfaction with the current state of AI integration.

Related Articles

Config Files That Run Code: Supply Chain Security Blindspot

Config Files That Run Code: Supply Chain Security Blindspot

Jun 8, 2026

Spying Chrome Extensions: 287 Extensions spying on 37M users

Chrome extensions spying on users' browsing data

Feb 11, 2026

Glassworm Returns: Invisible Unicode Malware Found in 150+ GitHub Repositories

Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Repositories

Mar 15, 2026

How We Hacked McKinsey's AI Platform

AI Agent Hacks McKinsey

Mar 11, 2026

A GitHub Issue Title Compromised 4,000 Developer Machines

A GitHub Issue Title Compromised 4k Developer Machines

Mar 5, 2026