AI-Slop Ransomware Test Sneaks on to VS Code Marketplace

by Anika Shah - Technology
0 comments

AI-Powered ransomware Extension Found on VS Code Marketplace

A malicious extension with basic ransomware capabilities, seemingly created with the help of AI, has been published on Microsoft’s official VS Code marketplace.

Named susvsex and published by ‘suspublisher18,’ the extension’s malicious functionality is openly advertised in its description.

Secure Annex researcher John Tuckner discovered susvsex and says that it is the product of “vibe coding” and is far from sophisticated.

Wiz

Despite reporting the extension and its explicit description, which discloses file theft to a remote server and encryption of all files with AES-256-CBC, Microsoft ignored Tuckner’s report and did not remove it from the VS Code registry.

Tweet

How the ransomware extension works

The extension activates on any event,including on installation or when launching VS Code,initializing the ‘extension.js’ file that contains its hardcoded variables (IP, encryption keys, command-and-control address).

“Many of these values have comments which indicate that the code was not written directly by the publisher and very likely generated through AI,” Secure Annex explains.

Related Posts

Leave a Comment