Researchers at Secure Annex have identified a malicious Visual Studio Code Marketplace extension posing as a benign developer tool yet exhibiting core ransomware-like behavior. The package, named susvsex and published by suspublisher18, blends data exfiltration with on‑disk file encryption, underscoring how IDE extensions can be weaponized for developer supply chain attacks.
Secure Annex findings: overt capabilities and moderation blind spots
According to the analysis, the extension’s description and README explicitly advertise two functions: uploading files to a remote server and encrypting all local files with AES‑256‑CBC. Such candor is unusual for threat actors and likely reflects an experiment to test the effectiveness of Microsoft’s marketplace moderation and the trust developers place in widely used platforms.
Technical analysis of the “susvsex” VS Code extension
Hardcoded configuration and AI‑generated “slop”
The package includes an extension.js file with hardcoded values—an IP address, cryptographic keys, and a command‑and‑control endpoint. Code comments and structure suggest that large portions were generated by AI. Secure Annex describes the sample as “AI slop”: rough code that nonetheless can inflict real damage with minimal refinement.
Activation, exfiltration, and AES‑based encryption
The extension activates on any activation event, so it runs on installation and on every VS Code start, and invokes a routine named zipUploadAndEncrypt. That routine checks for a marker, collects the targeted files into a ZIP archive, sends the archive to the preset remote server, then overwrites the originals with AES‑256‑CBC ciphertext. AES‑256‑CBC itself is sound: without the key there is no practical way to recover the plaintext, and in CBC mode a missing IV costs only the first 16‑byte block. The weakness in this sample is operational rather than cryptographic: because the key and IV are hardcoded in extension.js, anyone holding the extension bundle can decrypt what it encrypted. A variant that generated a fresh key per victim and sent it only to the attacker would remove that recovery path and turn the sample into genuine ransomware.
Remote control via a private GitHub repository using a PAT
In parallel, the extension polls a private GitHub repository with a Personal Access Token (PAT), reading an index.html file in that repository to obtain commands. A PAT is a bearer credential for GitHub's API, often long‑lived, and because the extension has to carry the token in order to poll at all, the token is recoverable from the bundle and usable by anyone who has it. Routing command‑and‑control through api.github.com has an obvious advantage for the attacker: that traffic is ordinary on a developer workstation and rarely blocked or inspected. Secure Annex reports telemetry indicating the repository owner may be located in Azerbaijan.
Why this matters: developer supply chain exposure
Development environments are attractive targets: compromising a single workstation can yield source code, secrets, and CI/CD credentials. Marketplace extensions are particularly risky because users often assume they are vetted. Prior industry research has repeatedly shown that limited pre‑publication screening and weak publisher verification can allow malicious or hijacked extensions to spread. Minor enhancements to this sample—concealing network beacons, generating unique keys per host, or targeting specific repositories—could elevate it to full‑fledged ransomware or stealer capability.
Behavioral indicators and what to watch for
Potential indicators of compromise include the VS Code extension host process creating ZIP archives of user files; outbound connections to unfamiliar hosts immediately after an extension is installed or the editor starts; GitHub PATs present in, or used from, the editor profile or an extension directory; and unusual reads of private GitHub repository contents. Sudden replacement of local files with encrypted counterparts, especially right after an IDE event such as installation or startup, is a critical red flag.
Actionable defenses for organizations and developers
Restrict extension installations to allow‑listed publishers (VS Code's extensions.allowed setting can enforce this centrally), verify marketplace signatures when available, and maintain an inventory of installed IDE extensions. Enable and enforce Workspace Trust, which limits tasks, debugging and some settings in unfamiliar folders; note that it governs the folder, not the extension, so an extension that declares support for untrusted workspaces still activates, and it is no substitute for allow‑listing. Implement egress controls and monitor IDE network activity, ZIP creation events, and bulk file rewrites. Add EDR/SIEM rules to flag scripts and binaries executed from VS Code's extensions directory.
Audit use of GitHub PATs: minimize scopes, enforce short lifetimes, rotate frequently, and store secrets in dedicated vaults rather than editor settings. Reduce blast radius through regular backups of critical source code and build artifacts, segmentation of developer networks, least‑privilege policies, and MFA on the accounts that hold repository access. Train teams to spot warning signs in extension metadata (publisher identity, install counts, reviews, and source repository) and to report anomalies promptly.
Secure Annex states it has notified Microsoft; however, the extension reportedly remains available. Organizations should immediately block the susvsex extension from publisher suspublisher18, scan developer workstations for suspicious extension activity, and strengthen internal policies for tooling and marketplace governance. Proactive control over the extension ecosystem reduces the likelihood of code compromise, data loss, and downstream supply chain impact.