← Back to all briefs
Security50s read

TeamPCP Supply Chain Attack Escalates: Poisoned VS Code Extensions Now in Play

The threat group behind the Miasma worm has expanded its attack surface to VS Code extensions, using them as a vector to compromise GitHub accounts and inject malicious code into open source projects.

TeamPCP, the threat group linked to the Miasma npm attacks that backdoored dozens of Red Hat packages at 72 seconds per batch, has widened its campaign to include poisoned VS Code extensions. The new vector works by compromising a developer's VS Code environment through a seemingly legitimate extension, then using stored GitHub tokens to push malicious commits to repositories the developer contributes to.

The escalation changes the threat model for frontend teams. The original Miasma attacks targeted npm publish credentials. This phase targets development environments directly. A compromised extension can read your .gitconfig, extract GitHub tokens from VS Code's authentication store, modify files before you commit them, and inject malicious dependencies into package.json without leaving obvious traces in the diff you review.

The attack surface is large because VS Code extensions run with significant trust. They have filesystem access, can spawn processes, and can read environment variables, including CI/CD tokens stored in .env files. The extension marketplace review process catches obvious malware but cannot detect a sleeper payload that activates only when the extension detects it is running in a high-value repository.

Mitigation is straightforward but requires discipline. Audit the extensions your team uses, especially those with fewer than 10K installs or those that changed ownership recently. Review extension permissions in VS Code's extension pane. For CI/CD, use OIDC-based GitHub Actions authentication rather than long-lived personal access tokens. And if a package with a preinstall script appears in your lock file that was not there yesterday, investigate before you run npm install.