TigerJack Malicious VSCode and OpenVSX Extensions Steal Code and Mine Cryptocurrency
Security researchers have uncovered a coordinated campaign by the threat actor group TigerJack, which targets developers by publishing malicious extensions on both Microsoft's Visual Studio Code (VSCode) Marketplace and the OpenVSX registry. The campaign involves at least 11 different extensions distributed across multiple publisher accounts, with some extensions accumulating over 17,000 downloads before being removed from the official VSCode Marketplace. Despite removal from Microsoft's platform, these extensions remain active and available on the OpenVSX marketplace, which is used by alternative VSCode-compatible editors such as Cursor and Windsurf.
The malicious extensions serve various purposes, including exfiltrating developers' source code, mining cryptocurrency using the host's resources, and maintaining persistent remote access. For example, the 'C++ Playground' extension registers a listener to capture and exfiltrate C++ source code in near real-time, while the 'HTTP Format' extension secretly runs a CoinIMP cryptominer in the background, consuming the host's processing power without restrictions. Some variants of the extensions are capable of fetching and executing remote JavaScript code, allowing TigerJack to dynamically update their payloads and potentially deploy additional threats such as credential stealers, ransomware, or API-harvesting scripts.
The campaign demonstrates a high level of persistence, with TigerJack repeatedly re-uploading the same malicious code under new names and accounts after takedowns. The extensions are designed to appear as legitimate developer tools, increasing the likelihood of installation by unsuspecting users. The use of OpenVSX as a distribution channel poses a significant risk, as it is less regulated than Microsoft's marketplace and serves as the default for several popular IDEs.
Researchers from Koi Security have been actively tracking the campaign and have highlighted the ongoing threat posed by these extensions, especially given their ability to maintain remote control and adapt their functionality without requiring updates. The campaign underscores the risks associated with third-party extension marketplaces and the importance of vetting and monitoring developer tools for malicious behavior. The technical sophistication of the extensions, particularly their ability to execute remote code and evade detection, raises concerns about long-term supply chain compromise within the developer ecosystem. Organizations and individual developers are advised to review installed extensions, monitor for suspicious activity, and prioritize security hygiene when sourcing tools from community-driven marketplaces. The continued presence of these extensions on OpenVSX, despite removal from the official VSCode Marketplace, highlights the challenges in fully eradicating such threats from the software supply chain. Security experts warn that the campaign is ongoing, with TigerJack actively seeking new ways to distribute their malicious payloads and compromise developer environments.
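An added example, not code from Koi Security or the original reports: a Python triage script for the extension review advised above. It flags unpacked extensions whose display name matches the two named on this page or whose JavaScript shows the three described behaviours; the directory paths and regex patterns are assumptions, not published indicators.

```python
import json
import re
from pathlib import Path

# Display names reported on this page; it gives no publisher IDs, so none are assumed.
REPORTED_NAMES = {"c++ playground", "http format"}
# Assumed default per-user extension directories (VS Code, Cursor, Windsurf); adjust as needed.
DEFAULT_ROOTS = [Path.home() / d / "extensions" for d in (".vscode", ".cursor", ".windsurf")]
NETWORK = re.compile(r"\bfetch\s*\(|https?\.(request|get)\s*\(|XMLHttpRequest|axios")
DYNAMIC = re.compile(r"\beval\s*\(|new\s+Function\s*\(")
# Triage heuristics for the behaviours described above (assumed patterns, not published IoCs).
HEURISTICS = {
    "edit listener + network call (possible source exfiltration)":
        lambda s: "onDidChangeTextDocument" in s and NETWORK.search(s),
    "dynamic code execution + network call (possible remote payload)":
        lambda s: DYNAMIC.search(s) and NETWORK.search(s),
    "CoinIMP reference (possible cryptominer)":
        lambda s: re.search("coinimp", s, re.I),
}

def audit_extension(ext_dir):
    """Return a list of findings for one unpacked extension directory."""
    try:
        manifest = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
        name = str(manifest.get("displayName") or manifest.get("name") or "")
    except (OSError, ValueError, AttributeError):
        return ["unreadable package.json"]
    findings = []
    if name.strip().lower() in REPORTED_NAMES:
        findings.append(f"display name matches reported extension: {name}")
    for js in sorted(p for p in ext_dir.rglob("*.js") if p.is_file()):
        text = js.read_text(encoding="utf-8", errors="ignore")
        for label, check in HEURISTICS.items():
            if check(text):
                findings.append(f"{js.relative_to(ext_dir)}: {label}")
    return findings

def audit_roots(roots=DEFAULT_ROOTS):
    """Map each flagged extension directory to its findings, for every root that exists."""
    report = {}
    for root in (r for r in roots if r.is_dir()):
        for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
            findings = audit_extension(ext_dir)
            if findings:
                report[str(ext_dir)] = findings
    return report

if __name__ == "__main__":
    for path, findings in audit_roots().items():
        print(path, *findings, sep="\n  - ")
```

Bundled legitimate extensions can trip the listener heuristic, so treat findings as a queue for manual review rather than a verdict.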

How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
OpenVSX is notified about the malicious extensions
OpenVSX was informed about the malicious extensions after their presence in the registry was identified. At the time of reporting, OpenVSX had not yet responded.
Koi Security discloses technical findings on TigerJack campaign
Koi Security reported that TigerJack's extensions supported source code theft, cryptomining, and remote payload delivery, creating risks such as credential and API key theft, ransomware deployment, and corporate network intrusion through developer machines. The disclosure also tied the resurfaced OpenVSX packages to the broader TigerJack campaign.
Removed extensions resurface on the OpenVSX registry
The same malicious extensions, including "C++ Playground" and "HTTP Format," later reappeared on the OpenVSX registry, extending the supply-chain risk to another extension ecosystem. Reports said the extensions could exfiltrate source code, deploy a CoinIMP cryptominer, and fetch additional JavaScript payloads dynamically.
Malicious extensions are removed from the VSCode Marketplace
At some point before mid-October 2025, at least two malicious extensions, "C++ Playground" and "HTTP Format," were removed from the official VSCode Marketplace. Their prior removal indicates the campaign had already been identified on Microsoft's extension platform.
TigerJack begins uploading malicious VSCode extensions
Since the beginning of 2025, a threat actor tracked as TigerJack uploaded at least 11 malicious Visual Studio Code extensions targeting developers. The extensions were designed for cryptocurrency theft, backdoor delivery, source code exfiltration, and covert payload execution.
Sources
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks (thehackernews.com)
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden (csoonline.com)
Illicit VSCode extensions seek to pilfer cryptocurrency (scworld.com)
Malicious crypto-stealing VSCode extensions resurface on OpenVSX (bleepingcomputer.com)


