Summary
Key Points:
- Vulnerabilities in AI-powered VSCode forks allow threat actors to exploit unclaimed namespaces for malicious extension uploads.
- Impact includes potential malware distribution to users of the Cursor, Windsurf, and Google Antigravity IDEs, because these IDEs recommend extensions that may not exist in the OpenVSX registry.
- Recommended actions include verifying extension recommendations against the OpenVSX registry and ensuring they come from reputable publishers.
Technical Details: The issue arises from hardcoded extension recommendations in the configuration files of these IDEs, which point to extensions in Microsoft’s Visual Studio Marketplace. Where a recommended extension's namespace is not registered in OpenVSX, a threat actor can claim that namespace and use it to distribute a malicious extension.
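The verification recommended above can be scripted. The following is an added example, not code from the article or from any of the IDEs named; it assumes the OpenVSX REST paths `/api/{namespace}` and `/api/{namespace}/{extension}`, and the function names and sample data are constructed for illustration.

```python
import json
import urllib.error
import urllib.request

OPENVSX_API = "https://open-vsx.org/api"  # assumed public OpenVSX REST base URL


def openvsx_exists(path):
    """Return True if GET {OPENVSX_API}/{path} answers 200, False on 404."""
    try:
        with urllib.request.urlopen(f"{OPENVSX_API}/{path}", timeout=10) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise  # any other status is inconclusive; do not guess


def audit_recommendations(extension_ids, exists=openvsx_exists):
    """Classify each 'namespace.name' ID by its state in the registry."""
    report = {}
    for ext_id in extension_ids:
        namespace, sep, name = ext_id.strip().partition(".")
        if not (namespace and sep and name):
            report[ext_id] = "malformed-id"
        elif not exists(namespace):
            # Nobody owns this namespace: anyone could register it.
            report[ext_id] = "namespace-unclaimed"
        elif not exists(f"{namespace}/{name}"):
            report[ext_id] = "extension-missing"
        else:
            # Resolves in the registry; the publisher still needs vetting.
            report[ext_id] = "present"
    return report


# Constructed sample data: a fake registry snapshot so the example runs offline.
SAMPLE_REGISTRY = {"example-pub", "example-pub/linter"}
SAMPLE_RECOMMENDATIONS = ["example-pub.linter", "example-pub.formatter",
                          "unclaimed-ns.helper", "not-an-id"]


def sample_report():
    return audit_recommendations(SAMPLE_RECOMMENDATIONS,
                                 exists=SAMPLE_REGISTRY.__contains__)


if __name__ == "__main__":
    print(json.dumps(sample_report(), indent=2))
```

Calling `audit_recommendations(ids)` without the `exists` argument queries the live registry; a `present` result only means the name resolves there, so the publisher check from the key points still applies.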
MITRE ATT&CK Techniques: None mentioned
IOCs Mentioned: None mentioned