criticalPlugin·

AGS-2026-0013

VS Code extensions 'ChatGPT 中文版' + 'ChatMoss' exfiltrate file contents — 1.5M installs

What happened

Two malicious extensions in the Microsoft Visual Studio Code Marketplace — ChatGPT – 中文版 (1.34M installs) and ChatMoss / CodeMoss (150K installs) — silently exfiltrate file contents to servers in China.

How it works

  • Real-time monitoring of any file opened in VS Code.
  • Entire file contents Base64-encoded and POSTed to the attacker's collector.
  • Subsequent edits are also captured incrementally.

This includes anything you opened: source code, .env files, SSH config, password managers' temp files.

Self-check

AgentGuard subscribers receive this advisory automatically and their local guard runs the inspection below.

References