The IDE extension that steals every developer's secrets
A popular VS Code or OpenVSX extension auto-updates to a malicious version that reads env vars, tokens, and SSH keys from every dev that installs it. Removing it is not containment.
IDE extensions run with the developer’s permissions and auto-update, so a popular extension that gets taken over becomes a developer supply-chain weapon. It steals secrets from every developer who installs it, and the harm fans out across your whole engineering org.
How the attack works
A popular extension publishes a new version, and developers’ editors auto-update on next launch. On activation, the new version reads environment variables, local token files, and SSH private keys with the developer’s permissions, behavior absent from prior versions. The collected secrets are posted to an attacker-controlled endpoint, and one exfiltrated token is soon replayed against an internal service from an external IP. In ATT&CK terms this is T1195, Supply Chain Compromise, with T1552, Unsecured Credentials.
Why it works
Any developer could install any marketplace extension, which then ran with full user permissions, auto-updated without vetting, and found secrets sitting in plaintext env vars and files. A single popular extension becomes a fleet-wide foothold the moment its publisher is taken over.
How to fix it
Treat this as a developer supply-chain compromise. Remove the extension fleet-wide through endpoint management rather than asking devs to uninstall at their convenience, then rotate every credential it could have read, since the secrets are already exfiltrated and stay valid until rotated. Blocking the marketplace domain does not remove what is installed. Scope the affected machines from endpoint and EDR telemetry correlated with the malicious version history, not marketplace install counts. As a class fix, pin and allowlist extensions to vetted publishers and versions, gate auto-update, vault secrets out of plaintext, and monitor endpoints for extension secret-access behavior.
Practice it
We built this as a GraphLattice Range scenario so developers can rehearse a fleet-wide removal, rotating all exposed dev credentials, and scoping affected machines from endpoint telemetry.