
Malicious 'Fake Prettier' VSCode Extension Exfiltrates Sensitive Data
A malicious extension for Visual Studio Code (VSCode), named "Fake Prettier," has been discovered. This extension impersonates the legitimate Prettier code formatter to trick users into installing it. Once active, it exfiltrates sensitive data, including source code and confidential information, to remote servers. The attack, known as the "Claude Code Attack," employs novel "antigravity techniques" for data transmission, indicating advanced evasion tactics.
Technically, this attack exploits the trust developers place in popular tools like Prettier. By mimicking a widely used extension, attackers increase the likelihood of installation. The "antigravity techniques" suggest unconventional methods to bypass security measures, although specific details are unclear. The extension likely leverages the broad access VSCode grants extensions to read and transmit data without detection.
The impact on cybersecurity is substantial. Compromised source code can lead to further supply chain attacks, where malicious code is embedded in software projects and distributed downstream. Confidential data breaches can result in regulatory penalties and reputational damage. This incident underscores the risks associated with third-party extensions and the importance of verifying their authenticity.
For cybersecurity professionals, this incident serves as a reminder to enforce strict extension management policies. Developers should verify extension publishers, review permissions, and monitor for unusual network activity. Organizations should implement code signing requirements and regular audits of installed extensions. Endpoint detection solutions can help identify and mitigate malicious extensions before significant damage occurs.
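The extension audit recommended above can be automated. The script below is an added example written for this article, not code from the report or from any of the products it mentions. It takes the output of `code --list-extensions --show-versions` (one `publisher.name@version` per line), compares every installed extension against an organisation's allowlist of reviewed publisher IDs, and flags impersonation: an extension whose name matches a trusted extension but comes from a different publisher, or whose name is a near-miss of a trusted name. The allowlist contents and the sample listing are assumptions; `esbenp.prettier-vscode` is the real marketplace ID of the legitimate Prettier extension, while `someone-else.prettier-vscode`, `acme.prettire-vscode` and `foo.bar` are constructed placeholders, not identifiers from the incident.

```python
"""Audit installed VS Code extensions against an allowlist of trusted publisher IDs.

Input is the output of `code --list-extensions --show-versions`, one extension
per line as `publisher.name@version`. Each extension is classified as
trusted, impersonation (same name as a trusted extension but a different
publisher, or a near-miss of a trusted name) or unreviewed.
"""
import difflib
import subprocess
from dataclasses import dataclass

# Assumed allowlist of extension IDs the organisation has reviewed.
# esbenp.prettier-vscode is the genuine Prettier extension's marketplace ID.
TRUSTED = {
    "esbenp.prettier-vscode",
    "ms-python.python",
    "dbaeumer.vscode-eslint",
}

# Constructed sample listing standing in for real `code --list-extensions` output.
# The non-trusted IDs are placeholders invented for this example.
SAMPLE_LISTING = """\
esbenp.prettier-vscode@10.4.0
ms-python.python@2024.4.1
someone-else.prettier-vscode@1.0.0
acme.prettire-vscode@0.0.1
foo.bar@1.2.3
"""


@dataclass
class Finding:
    extension: str  # publisher.name, lower-cased
    verdict: str    # "trusted" | "impersonation" | "unreviewed"
    reason: str


def parse_listing(text):
    """Split `publisher.name@version` lines into (publisher, name, version)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ext_id, _, version = line.partition("@")
        publisher, _, name = ext_id.partition(".")
        entries.append((publisher.lower(), name.lower(), version))
    return entries


def audit(text, trusted=TRUSTED, similarity=0.8):
    """Classify every installed extension; returns a list of Finding."""
    trusted_ids = {t.lower() for t in trusted}
    # Map each trusted extension name to the publishers allowed to ship it.
    trusted_by_name = {}
    for ext in trusted_ids:
        pub, _, name = ext.partition(".")
        trusted_by_name.setdefault(name, set()).add(pub)

    findings = []
    for publisher, name, _version in parse_listing(text):
        ext_id = f"{publisher}.{name}"
        if ext_id in trusted_ids:
            findings.append(Finding(ext_id, "trusted", "on allowlist"))
            continue
        # Exact name collision with a trusted extension from another publisher.
        if name in trusted_by_name:
            allowed = ", ".join(sorted(trusted_by_name[name]))
            findings.append(Finding(
                ext_id, "impersonation",
                f"name matches trusted extension published by {allowed}, "
                f"but publisher is {publisher}"))
            continue
        # Near-miss of a trusted name (e.g. one transposed letter).
        close = difflib.get_close_matches(
            name, list(trusted_by_name), n=1, cutoff=similarity)
        if close:
            findings.append(Finding(
                ext_id, "impersonation",
                f"name is a near-miss of trusted extension {close[0]!r}"))
            continue
        findings.append(Finding(
            ext_id, "unreviewed",
            "not on allowlist; review publisher and permissions"))
    return findings


def list_installed():
    """Run the real VS Code CLI to obtain the installed-extension listing."""
    out = subprocess.run(
        ["code", "--list-extensions", "--show-versions"],
        capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    # Swap SAMPLE_LISTING for list_installed() to audit the local machine.
    for f in audit(SAMPLE_LISTING):
        print(f"{f.verdict:14} {f.extension:32} {f.reason}")
```

Run on a workstation, the `impersonation` verdicts are the ones to act on first: an extension carrying a trusted tool's name under an unknown publisher is exactly the pattern this incident relied on. The `unreviewed` list feeds the regular audit the article recommends.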