Over 100 VS Code Extensions Exposed: Major Security Risks Threaten Developers Worldwide

When convenience turns risky: how hidden VS Code extension flaws expose the software world
By V Diwahar | October 16, 2025 | Updated: March 24, 2026

If you use Visual Studio Code every day, this might make you pause for a moment.
Recent research found that more than a hundred popular VS Code extensions accidentally leaked sensitive information — like access tokens — that could let hackers sneak in and spread malicious updates.

This discovery highlights a growing issue with VS Code extension security risks and reminds developers just how fragile the software supply chain can be. Something as small as a forgotten key inside an extension could open the door for serious trouble.

How the Discovery Happened

The team at Wiz Security decided to take a closer look at the extensions uploaded to the VS Code Marketplace. What they found was unsettling — more than 100 extensions contained leaked personal access tokens (PATs).

According to Rami McCarthy, one of Wiz’s researchers, a single leaked token could have given attackers the power to push out malicious updates directly to thousands of developers. In short, one small mistake could have turned into a massive malware distribution event across the VS Code ecosystem.

It’s a classic reminder that even trusted tools can become attack paths when developers accidentally expose sensitive credentials.

Why VS Code Extensions Are Risky Business

We all love extensions — they make VS Code so much more powerful. Whether it’s for debugging, styling, or connecting to APIs, extensions are what make coding smooth.
But here’s the flip side: every extension you install is another piece of code running on your machine, and that means another opportunity for risk.

Most VS Code extensions are shipped as .vsix files, which anyone can unzip and inspect. That means if a developer accidentally leaves API keys or tokens inside, those secrets can easily end up in the wrong hands. Once an attacker finds those keys, they can impersonate the publisher, upload new (malicious) versions, or steal data from users.

That’s why experts keep emphasizing that VS Code extension security risks are not just theoretical—they’re happening right now.
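Because a .vsix is an ordinary ZIP archive, the inspection described above can be automated before a package is published or installed. The following is an added example, not code from Wiz, Microsoft or the original article; the rule list, the risky file names and the function names are assumptions of this sketch, and the sample package is constructed (its AWS value is the example key from AWS documentation).

```python
import io
import re
import zipfile

# Token formats with well-known public prefixes (this example's own short list).
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "stripe-live-key": re.compile(r"\bsk_live_[A-Za-z0-9]{24,}\b"),
}
# File names that commonly hold credentials and rarely belong in a package.
RISKY_NAMES = re.compile(r"(^|/)(\.env(\..+)?|\.npmrc|id_rsa)$")
MAX_BYTES = 2 * 1024 * 1024  # skip large bundled binaries


def redact(value):
    """Keep enough of a match to locate it without re-leaking it."""
    return value[:8] + "..." + value[-2:]


def scan_vsix(source):
    """Return sorted (path, rule, detail) findings for a .vsix path or file object."""
    findings = []
    with zipfile.ZipFile(source) as archive:
        for info in archive.infolist():
            if RISKY_NAMES.search(info.filename):
                findings.append((info.filename, "risky-file-name", ""))
            if info.is_dir() or info.file_size > MAX_BYTES:
                continue
            text = archive.read(info).decode("utf-8", errors="ignore")
            for rule, pattern in RULES.items():
                for match in pattern.finditer(text):
                    findings.append((info.filename, rule, redact(match.group())))
    return sorted(findings)


def build_sample_vsix():
    """Constructed sample package with two planted, non-working secrets."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("extension/package.json", '{"name": "demo", "publisher": "example"}')
        archive.writestr("extension/.env", "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n")
        archive.writestr("extension/out/main.js", 'const t = "ghp_' + "A" * 36 + '";\n')
    return buf


if __name__ == "__main__":
    for path, rule, detail in scan_vsix(build_sample_vsix()):
        print(f"{path}: {rule} {detail}")
```

Run as a pre-publish check, a non-empty result should fail the build; a token that has already shipped in a released package needs to be revoked, not just deleted from the next version.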

What the Researchers Found

The Wiz team didn’t just find a few stray tokens. They uncovered over 550 valid secrets buried inside more than 500 different extensions, coming from hundreds of publishers.

Those leaked secrets included keys for:

  • AI platforms like OpenAI, Gemini, Anthropic, and Hugging Face
  • Cloud providers such as AWS, Google Cloud, and GitHub
  • Payment and authentication services including Stripe and Auth0
  • Databases like MongoDB, PostgreSQL, and Supabase

Each of these leaks could have been used in harmful ways — from taking over extension accounts to stealing sensitive data. It’s a reminder that one careless commit can put thousands of users at risk.

Marketplace Tokens: A Small Leak with Big Consequences

The report also revealed that more than 100 extensions leaked VS Code Marketplace access tokens, affecting roughly 85,000 installations. Another 30 extensions leaked Open VSX tokens, which represented around 100,000 installs.

If those numbers don’t sound scary enough, consider this: AI-based code editors like Cursor and Windsurf, which rely on Open VSX, are also exposed to these same risks. That means attackers could potentially use those tokens to push fake updates to a much larger audience without any warning.

It’s a chain reaction waiting to happen — and it shows how interconnected the software ecosystem has become.

When Internal Tools Get Hit Too

One of the most shocking discoveries from Wiz involved a $30 billion company that accidentally leaked a token inside one of its internal extensions. If that token had been abused, attackers could have injected malware right into the company’s private developer environment.

Thankfully, Microsoft responded quickly when informed. The company revoked all the exposed tokens and rolled out a secret scanning system to automatically block extensions that contain sensitive information. From now on, developers will get alerts if secrets are detected before an extension goes live.

It’s a solid step forward — but it also shows how fragile even corporate setups can be when VS Code extension security risks are ignored.

Simple Ways Developers Can Stay Safe

Protecting yourself doesn’t mean giving up on extensions altogether — it’s about using them wisely. Here are a few habits every developer should pick up:

1️⃣ Install Less, Trust More

Only use extensions you truly need and from publishers you recognize. Each one you add increases your exposure.

2️⃣ Check Before You Install

If an extension’s source code is public, scan through it. Look for any hard-coded tokens or suspicious code.

3️⃣ Turn Off Auto-Updates

As convenient as auto-updates are, they can install infected versions without you knowing. It’s safer to review updates manually.

4️⃣ Keep an Extension Inventory

Know what’s installed across your team. That way, if a vulnerability is reported, you can act fast.

5️⃣ Create an Internal Allowlist

For companies, an allowlist of approved extensions is a simple but powerful defense.

These steps may seem small, but they drastically cut down your exposure to VS Code extension security risks.
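The inventory and allowlist habits above can be combined into one audit over the output of `code --list-extensions --show-versions`, which prints one `publisher.name@version` line per installed extension. This is an added example, not part of the original article; the extension IDs, versions and allowlist are constructed, and pinning each approved extension to the version that was reviewed is an assumption of this sketch, chosen so that a silent update shows up as drift.

```python
# Constructed sample of `code --list-extensions --show-versions` output.
SAMPLE_OUTPUT = """\
example.formatter@1.4.0
Example.Theme@2.0.1
unknown.helper@0.3.0
"""

# Constructed allowlist: extension ID -> version that was reviewed and approved.
ALLOWLIST = {
    "example.formatter": "1.4.0",
    "example.theme": "2.0.0",
}


def parse_inventory(cli_output):
    """Map lower-cased extension IDs to installed versions."""
    installed = {}
    for line in cli_output.splitlines():
        line = line.strip()
        if "@" not in line:
            continue  # skip blank lines and any non-inventory text
        ext_id, version = line.rsplit("@", 1)
        installed[ext_id.lower()] = version
    return installed


def audit(installed, allowlist):
    """Sort installed extensions into ok, version_drift and not_allowed."""
    report = {"ok": [], "version_drift": [], "not_allowed": []}
    for ext_id, version in sorted(installed.items()):
        approved = allowlist.get(ext_id)
        if approved is None:
            report["not_allowed"].append(ext_id)
        elif version != approved:
            # Installed version differs from the one that was reviewed.
            report["version_drift"].append((ext_id, approved, version))
        else:
            report["ok"].append(ext_id)
    return report


if __name__ == "__main__":
    for category, items in audit(parse_inventory(SAMPLE_OUTPUT), ALLOWLIST).items():
        print(category, items)
```

A `version_drift` entry means an update arrived after the review, which is the case manual update review is meant to catch.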

[Figure: TigerJack's Git repository (Source: Cyberpress)]

Enter TigerJack: A Threat Actor in Disguise

While Wiz uncovered accidental leaks, another story was unfolding. A cybercriminal group named TigerJack was caught publishing fake but functional VS Code extensions that secretly carried malware.

Researchers at Koi Security discovered at least 11 of these extensions floating around the VS Code Marketplace. They looked totally harmless — clean descriptions, proper functionality, and no obvious red flags. But behind the scenes, they were stealing code, mining crypto, and even creating backdoors for remote control.

It’s the perfect trap: something that seems helpful but hides something far more dangerous.

How the Malicious Extensions Worked

Two of TigerJack’s extensions — C++ Playground and HTTP Format — had already been downloaded over 17,000 times before being taken down.

The first one logged keystrokes and sent copies of your source code to an attacker’s server. The second quietly ran the CoinIMP crypto miner, draining CPU power in the background.

Even worse, some of their other extensions connected to remote servers every 20 minutes to download new malicious instructions. That means they could install ransomware, steal credentials, or spy on activity without ever updating through the marketplace.

It’s sneaky, smart, and terrifying — and a perfect example of why you can’t blindly trust every shiny new plugin.

The Trojan Horse Problem

The scariest part? Most of TigerJack’s extensions started out totally legitimate. They were genuinely helpful tools that earned good reviews and user trust. Then, after a few weeks, the attackers quietly pushed out a “routine” update that injected malicious code.

It’s the digital equivalent of a Trojan horse — harmless at first, but devastating once inside.
Even cautious developers who checked the code before installation could get hit later on.

Microsoft’s Defense and What’s Still Missing

To tackle these threats, Microsoft says it runs every new extension through a multi-step review process. It scans for malware, tests runtime behavior in a sandbox, and performs periodic rechecks of existing extensions.

That’s reassuring — but here’s the catch: these protections only apply to the VS Code Marketplace. Platforms like Open VSX, where many third-party editors pull their extensions from, don’t have the same safeguards.

That means even if a malicious extension gets kicked off Microsoft’s marketplace, attackers can reupload it elsewhere and keep spreading it. Until there’s a unified security approach, this cat-and-mouse game will continue.

Lessons About Supply Chain Security

The lesson here goes far beyond VS Code. It’s about how deeply we’ve come to depend on external code — libraries, APIs, plugins — and how every one of them can become a weak link if left unchecked.

Organizations can protect themselves by:

  • Using code signing for internal extensions
  • Running automated secret scanning
  • Enforcing zero-trust policies for developer tools
  • Training developers to spot red flags before installing

In the end, protecting the software supply chain isn’t just about technology — it’s about awareness and discipline.

Final thoughts

The exposure of secrets in over a hundred VS Code extensions is a loud wake-up call. It shows that even tools built to make developers’ lives easier can turn against them if security isn’t handled properly.

VS Code extension security risks will always exist to some degree, but with smart habits and better checks, developers can stay ahead of attackers. It’s not about fear — it’s about being alert. The next time you click “Install Extension,” take a moment to think: Do I really trust this code?

Because in today’s connected world, a little caution goes a long way.
