MaliciousCorgi: The Cute-Looking AI Extensions Leaking Code from 1.5 Million Developers
SMRTR summary
Security researchers discovered MaliciousCorgi, two VS Code AI coding assistant extensions with 1.5 million combined installs that function as advertised while secretly harvesting user data. The extensions capture entire files when opened, enable server-controlled mass file collection, and run hidden analytics to profile developers. All data is transmitted to Chinese servers without user consent or disclosure.
SMRTR provides this summary for quick context. The original article belongs to Lobsters.
Read the original article