🚨 Security Alert: Malicious Version Detected on Open VSX
Hi @alexsoyes
I’m a malware researcher at Aikido Security. I wanted to let you know that we’ve identified a compromised version of your VS Code extension published on Open VSX.
Specifically:
ai-driven-dev/ai-driven-dev@0.4.11
This version appears to contain hidden Private Use Area (PUA) Unicode characters that decode and execute malicious payloads at runtime. This is part of a new attack wave targeting open-source extensions and repositories, which we documented in our write-up here: https://www.aikido.dev/blog/the-return-of-the-invisible-threat-hidden-pua-unicode-hits-github-repositorties.
We’ve already contacted Open VSX directly so they can take action on their side, but I wanted to make sure you’re aware as the maintainer. It would be a good idea to:
- Rotate your tokens and any associated credentials
- Enable MFA wherever possible
- Review recent account activity to ensure no other projects are affected
- Publish a new, clean version of the extension to help protect your users
We are still investigating the source of this attack, but we’ve seen a couple of similar attacks affecting other projects today.
If you’d like more technical details from our findings, I’d be happy to share them.