🚨 Security Alert: Malicious Version Detected on Open VSX

Hi @alexsoyes

I’m a malware researcher at Aikido Security. I wanted to let you know that we’ve identified a compromised version of your VS Code extension published on Open VSX.

Specifically:

- ai-driven-dev/ai-driven-dev@0.4.11

This version appears to contain hidden Private Use Area (PUA) Unicode characters that decode and execute malicious payloads at runtime. This is part of a new attack wave targeting open-source extensions and repositories, which we documented in our write-up here: https://www.aikido.dev/blog/the-return-of-the-invisible-threat-hidden-pua-unicode-hits-github-repositorties.

We’ve already contacted Open VSX directly so they can take action on their side, but I wanted to make sure you’re aware as the maintainer. It would be a good idea to:

- Rotate your tokens and any associated credentials
- Enable MFA wherever possible
- Review recent account activity to ensure no other projects are affected
- Publish a new, clean version of the extension to help protect your users

We are still investigating the source of this attack, but we’ve seen a couple of similar attacks affecting other projects today.

If you’d like more technical details from our findings, I’d be happy to share them.