MaliciousCorgi: AI Extensions send your code to China
koi.ai
February 2, 2026
5 min read
🔥🔥🔥🔥🔥
49/100
Summary
Malicious AI extensions for Visual Studio Code are harvesting code from approximately 1.5 million developers. Many of these extensions, despite being in official marketplaces and having positive reviews, exploit granted access to workspaces and files for unauthorized data collection.
Key Takeaways
- Two malicious VS Code extensions, identified as part of the MaliciousCorgi campaign, have a combined 1.5 million installs and capture every file opened and edited by users, sending this data to servers in China without consent.
- The extensions operate three hidden data collection channels: real-time file monitoring, mass file harvesting, and a profiling engine that tracks user behavior and builds identity profiles.
- The extensions are marketed as AI coding assistants and function as expected, making them particularly dangerous as they exploit user trust while exfiltrating sensitive code and personal data.
- The server controlling the extensions can trigger mass file collection remotely, allowing for the potential exfiltration of up to 50 files without any user interaction.
Community Sentiment
Concerns
- The concern about AI extensions potentially sending code to external servers raises significant security and privacy issues, highlighting a major risk in using such tools.
- There is a strong sentiment against using AI plugins in VS Code due to fears of data leakage, which could undermine trust in AI-assisted development.
- The comparison of VS Code with other editors suggests that many users prefer faster and more secure alternatives, indicating dissatisfaction with the current state of AI integration.
