com.” Upon the first launch of VS Code, the extension automatically zips, uploads, and encrypts files from specific directories on Windows (C:\Users\Public\testing) or macOS (/tmp/testing).
Tuckner notes that the TARGET_DIRECTORY can be easily updated with an extension release or through a command sent via the C2 channel. “Fortunately, the TARGET_DIRECTORY is configured to be a test staging directory so it would have little impact right now,” Tuckner explains, emphasizing the potential risks if these configurations were altered.
Command-and-Control Mechanisms and GitHub Integration
The malicious extension uses GitHub as its command-and-control (C2) server. It polls a private GitHub repository for new commands to be executed by parsing the “index.html” file. The results of these commands are then written back to the same repository in the “requirements.txt” file, using a GitHub access token embedded within the code.
The GitHub account associated with this repository is “aykhanmv,” which claims to be from Baku, Azerbaijan.
Tuckner points out that extraneous files, README files with execution instructions, and placeholder variables are clear signs of ‘vibe-coded’ malware. Furthermore, the extension package accidentally included decryption tools, command-and-control server code, and GitHub access keys, increasing the risk of unauthorized use.
Additional Supply Chain Attack Revealed
Meanwhile, a separate supply chain attack has been identified by Datadog Security Labs, where 17 npm packages masqueraded as benign software development kits but were found to be stealthily executing Vidar Stealer on infected systems. The packages were first flagged on October 21, 2025, and the next day, with subsequent uploads on October 26, by accounts called “aartje” and “saliii229911.”
These packages were downloaded at least 2,240 times before being taken down. However, many of these downloads could likely have been automated scrapers rather than actual users.
The attack chain involves a postinstall script specified in the “package.json” file that downloads and executes a ZIP archive containing the Vidar executable from an external server.
Some variants include a post-install PowerShell script embedded directly in the package.json file, which further complicates detection by traditional antivirus solutions. The Vidar 2.0 samples use hard-coded Telegram and Steam accounts as dead drop resolvers to fetch the actual C2 server, adding another layer of complexity for defenders.
Industry Context and Recommendations
This discovery is part of a broader trend of supply chain attacks targeting open-source ecosystems. Security experts advise developers to perform due diligence, review changelogs, and be wary of techniques like typosquatting and dependency confusion before installing packages from the npm registry.
“It is not clear why MUT-4831 chose to vary the postinstall script in this way,” security researchers Tesnim Hamdouni, Ian Kretz, and Sebastian Obregoso noted. “One possible explanation is that diversifying implementations can be advantageous to the threat actor in terms of surviving detection.”
As these sophisticated attacks continue to evolve, it becomes increasingly important for both developers and organizations to stay vigilant and implement robust security measures to protect against potential breaches.
