MaliciousCorgi: The Cute-Looking AI Extensions Leaking Code from 1.5 Million Developers
Summary
Koi Security's MaliciousCorgi report reveals two VS Code AI coding extensions with 1.5M installs that secretly exfiltrate code and profile users, sending data to servers in China. The extensions use three exfiltration channels (real-time file monitoring, mass harvesting, and a profiling webview) that expose sensitive files and credentials, highlighting the risks of adopting AI tooling in development workflows. The piece advocates proactive extension vetting, environment scanning, and blocking malicious extensions to maintain productivity without sacrificing security.