
Malicious AI-Made Extension with Ransomware Capabilities Sneaks on to Microsoft's Official VS Code Marketplace - so Devs Beware
Why It Matters
It exposes weaknesses in the vetting of third‑party developer tools, showing how AI‑assisted malware can slip into trusted ecosystems and threaten the security of developers and downstream supply chains.
Summary
A malicious Visual Studio Code extension named “susvsex” was published on Microsoft’s official marketplace, openly advertising that it would zip, upload and encrypt files from a user’s public folder. Security researcher John Tuckner discovered the extension was ransomware‑like, used GitHub as a command‑and‑control channel, and bore code comments indicating it was AI‑generated (“vibe‑coded”). The extension remained available despite an initial report to Microsoft, prompting a public outcry before the listing was finally taken down after about eight hours. The incident suggests the extension may have been a test of the marketplace’s review process, with investigators linking the code metadata to a GitHub user in Azerbaijan.