
VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

Severity: Medium
Type: Vulnerability
Published: Tue Jan 06 2026 (01/06/2026, 11:25:00 UTC)
Source: The Hacker News

Description

Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that do not exist in the Open VSX registry, potentially opening the door to supply chain risks when bad actors publish malicious packages under those names. The problem, according to Koi, is that these

AI-Powered Analysis

Last updated: 01/06/2026, 14:38:23 UTC

Technical Analysis

The threat involves AI-powered forks of Microsoft Visual Studio Code (VS Code), specifically Cursor, Windsurf, Google Antigravity, and Trae, which recommend extensions that are listed in Microsoft's extension marketplace but absent from the Open VSX registry, the alternative open-source extension repository these forks install from. The forks inherit their recommendations from Microsoft's marketplace; because the recommended extensions do not exist in Open VSX, the corresponding names (namespace plus extension name) remain unclaimed there.

This creates a supply chain vulnerability: a malicious actor can register a missing name in Open VSX and upload a malicious package under it. When a developer using one of these forks sees the recommendation (for example, the PostgreSQL extension ms-ossdata.vscode-postgresql) and installs it, they inadvertently install the attacker's package, whose code can exfiltrate credentials, secrets, and source code, compromising confidentiality and integrity. Koi security researchers demonstrated the risk by registering placeholder malicious extensions under the missing names, which quickly attracted hundreds of installs, showing how much developers trust IDE recommendations.

The root cause is the disconnect between Microsoft's official marketplace and Open VSX, combined with the forks surfacing recommendations without first verifying that the extension exists in the registry they install from. In response, the affected forks have released fixes to stop recommending non-existent extensions, and the Eclipse Foundation has removed non-official contributors and added registry-level safeguards in Open VSX. The episode nevertheless illustrates the broader supply chain challenge in open-source ecosystems and the need for developers to verify an extension's authenticity before installation.

Potential Impact

For European organizations, this threat poses a significant supply chain risk, especially for software development teams relying on AI-powered VS Code forks that integrate Open VSX for extensions. The installation of malicious extensions can lead to unauthorized access to sensitive corporate data, including source code, credentials, and secrets, potentially resulting in intellectual property theft, data breaches, and compliance violations under regulations like GDPR. The stealthy nature of this attack—leveraging trusted IDE recommendations—can bypass traditional security controls and evade detection. Organizations with development environments that incorporate these forks or use Open VSX extensions are particularly vulnerable. The impact extends beyond individual developers to the broader software supply chain, potentially affecting downstream applications and services. Additionally, the risk of credential theft can facilitate lateral movement within corporate networks, escalating the severity of breaches. The medium severity rating reflects the ease of exploitation (simple install action), the potential for significant data compromise, and the widespread use of VS Code forks in development workflows.

Mitigation Recommendations

European organizations should implement the following specific mitigations:

1) Enforce strict policies to restrict installation of VS Code extensions to those sourced only from verified and official registries, preferably Microsoft's official marketplace rather than Open VSX, unless the latter is fully vetted.

2) Educate developers about the risks of blindly trusting IDE extension recommendations, emphasizing manual verification of publisher authenticity and extension existence in the intended registry before installation.

3) Employ endpoint security solutions capable of monitoring and alerting on suspicious extension installations or unusual IDE behaviors indicative of malicious activity.

4) Integrate software composition analysis (SCA) tools into development pipelines to scan installed extensions for known vulnerabilities or malicious indicators.

5) Collaborate with IDE vendors and open-source registry maintainers to ensure synchronization of extension listings and timely patching of recommendation mechanisms.

6) Regularly audit development environments for unauthorized or suspicious extensions and remove them promptly.

7) Consider network-level controls to restrict access to untrusted extension registries or repositories.

8) Encourage use of signed extensions and verify digital signatures where supported to ensure integrity and authenticity.
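To make recommendation 2 concrete, here is an added Python script (not from the article, Koi, or any of the IDE vendors) that reads a workspace extensions.json recommendation list and flags each publisher.name that is absent from the registry the IDE installs from, which is exactly the gap the Technical Analysis describes. SNAPSHOT and SAMPLE are constructed so the check runs offline; the optional openvsx_lookup queries Open VSX's public metadata endpoint and needs network access.

```python
"""Flag IDE-recommended extensions that do not exist in the target registry."""
import json
import re
import urllib.error
import urllib.request

# Constructed stand-in for Open VSX; ms-ossdata.vscode-postgresql is deliberately absent, as in the article.
SNAPSHOT = {"ms-python": {"python"}, "esbenp": {"prettier-vscode"}}

SAMPLE = """{
  // constructed sample .vscode/extensions.json as a fork would surface it
  "recommendations": [
    "ms-python.python",
    "ms-ossdata.vscode-postgresql", /* in Microsoft's marketplace, not in Open VSX */
    "esbenp.prettier-vscode",
  ]
}"""

def parse_recommendations(jsonc):
    """Return lower-cased publisher.name ids; strips //, /* */ comments and trailing commas."""
    text = re.sub(r"/\*.*?\*/", "", jsonc, flags=re.S)
    text = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    text = re.sub(r",\s*([}\]])", r"\1", text)
    ids = json.loads(text).get("recommendations", [])
    return [i.lower() for i in ids if re.fullmatch(r"[\w-]+\.[\w-]+", i)]

def snapshot_lookup(namespace, name):
    return name in SNAPSHOT.get(namespace, set())

def openvsx_lookup(namespace, name, timeout=10):
    """Live check against the Open VSX metadata endpoint; HTTP 404 means the name is unclaimed."""
    try:
        with urllib.request.urlopen(f"https://open-vsx.org/api/{namespace}/{name}", timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise

def classify(ids, lookup=snapshot_lookup):
    """Split ids into (present, missing); never install a missing id on a recommendation alone."""
    present, missing = [], []
    for ext_id in ids:
        namespace, name = ext_id.split(".", 1)
        (present if lookup(namespace, name) else missing).append(ext_id)
    return present, missing

if __name__ == "__main__":
    present, missing = classify(parse_recommendations(SAMPLE))
    print("present:", present, "\nMISSING (unclaimed in registry):", missing)
```

Pass `lookup=openvsx_lookup` to classify to run the same check against the live registry; an id reported as missing is a name nobody has claimed yet, which is the condition the attack needs.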


Technical Details

Article Source: https://thehackernews.com/2026/01/vs-code-forks-recommend-missing.html (fetched 2026-01-06T14:37:19Z, 967 words)

Threat ID: 695d1e21769e869ac5f7ef48

Added to database: 1/6/2026, 2:37:21 PM

Last enriched: 1/6/2026, 2:38:23 PM

Last updated: 1/8/2026, 1:21:33 PM

