DEV Community

Your IDE is an Attack Vector

Peter Mulligan on February 12, 2026

A new type of VSCode phishing attack is targeting freelancers via Upwork. Here’s how it works and how to protect yourself. Hi, I'm Peter and I ...
 
Maame Afua A. P. Fordjour

This is a real eye-opener. I usually think about security in my code, but I don't always think about the security of the editor itself. It is a great reminder to be more careful about which extensions I install on my Windows machine. Thanks for sharing these risks!

Peter Vivo

Good to know about this attack vector. My instincts saved me, because on the projects I work on I add .vscode/ to .gitignore.
On another note, my editor preference is vim, zed, nvim, VSCode.
But because of my focus on minimalism I am writing a CLI-based editor in Rust, with even a lot less functionality than vim.

Peter Mulligan

I haven't checked if vim et al have lifecycle hooks that can be exploited, but I know what rabbit-hole I'm going down for the day!

> My instincts saved me, because on the projects I work on I add .vscode/ to .gitignore.

Unfortunately, this won't save you from this particular attack because the creator of the repo didn't add it to the .gitignore, so when you clone, it is already in the project.

In general I agree though; saving the .vscode folder to the repo is something that only makes sense on a team repo, and even then I would prefer to just enforce anything I need to enforce in the CI pipeline. I don't care what is happening on the dev's local machine.

Peter Vivo

I really rarely clone repos from GitHub, for example; that's why I do not open them in VSCode.

Maybe I'm missing where this attack happens, if not under local development, when you open a repo with .vscode/task.json?

Peter Mulligan

Oh okay. I misunderstood what you were saying. If you don't use VSCode, you are immune to this specific attack.

I think that "tooling as an attack vector" is the wider danger though. As @nedcodes pointed out, git hooks and husky also introduce this type of repository-level attack. They're not auto-initiated, but the risks are similar.

Ned C

Solid writeup. The folderOpen task execution is genuinely scary - most devs I know have never even looked at .vscode/tasks.json in repos they clone.

This extends to AI coding tools too. A malicious .cursorrules or CLAUDE.md in a repo could influence the AI to generate vulnerable code, disable security checks, or exfiltrate context through crafted suggestions. The trust boundary keeps expanding and most people aren't thinking about it.

Peter Mulligan

100%. Everything works on a "local is trusted" model that is no longer true and our machines hold valuable credentials in a way they just didn't a few years ago.

Your point about AI is very powerful. If you let an agent run wild, it's very hard to be sure nothing on the environment level was changed. Git doesn't track that.

Ned C

Exactly. And git hooks are another blind spot - most people run whatever is in .husky/ or .git/hooks/ without a second thought. The whole local dev environment is basically an honor system at this point.
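
A pre-open audit of a cloned repository for the files named in this thread, as an added example that is not code from the article or from any commenter. The names `audit_repo` and `demo` and the sample repository contents are assumptions made for illustration; the script only lists files to read before opening the folder and does not judge whether they are malicious.

```python
import re
import tempfile
from pathlib import Path

# Match "runOn": "folderOpen" on the raw text, so the comments and trailing
# commas that VS Code accepts in tasks.json cannot break the check.
AUTORUN = re.compile(r'"runOn"\s*:\s*"folderOpen"')
AI_FILES = (".cursorrules", "CLAUDE.md")

def audit_repo(repo):
    """Return (category, relative_path) pairs to review before opening repo."""
    repo = Path(repo)
    findings = []
    tasks = repo / ".vscode" / "tasks.json"
    if tasks.is_file() and AUTORUN.search(tasks.read_text(errors="replace")):
        findings.append(("vscode-autorun-task", ".vscode/tasks.json"))
    for hooks_dir in (".husky", ".git/hooks"):
        base = repo / hooks_dir
        if not base.is_dir():
            continue
        for hook in sorted(base.iterdir()):
            # Git ships inert *.sample hooks; any other file can execute.
            if hook.is_file() and hook.suffix != ".sample":
                findings.append(("hook-script", f"{hooks_dir}/{hook.name}"))
    for name in AI_FILES:
        if (repo / name).is_file():
            findings.append(("ai-instruction-file", name))
    return findings

def demo():
    """Build a constructed sample repo in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".vscode").mkdir()
        (root / ".vscode" / "tasks.json").write_text(
            '{\n  // constructed sample\n  "version": "2.0.0",\n'
            '  "tasks": [{"label": "setup", "type": "shell",\n'
            '    "command": "echo placeholder",\n'
            '    "runOptions": {"runOn": "folderOpen"}}]\n}\n')
        (root / ".husky").mkdir()
        (root / ".husky" / "pre-commit").write_text("#!/bin/sh\necho placeholder\n")
        (root / ".git" / "hooks").mkdir(parents=True)
        (root / ".git" / "hooks" / "pre-push.sample").write_text("# inert\n")
        (root / "CLAUDE.md").write_text("constructed sample\n")
        return audit_repo(root)

if __name__ == "__main__":
    for category, path in demo():
        print(f"{category}: {path}")
```

Run `audit_repo` from a terminal against the clone before the folder is opened in any editor, then read each listed file by hand.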

Peter Mulligan

Lucky all the big players are trying to move local to the cloud. 💀

gass

What a nasty attack that is.

Peter Mulligan

Yeah, I think it's scary because we are the targets. It's a dev hunting game for them.

gass

Let the dev hunting games begin! .. just joking 😆

Franco

Very good article, very clear, thanks for sharing and saving the developers from this attack. VS Code should take note of this to prevent these types of attacks.