Tags: GitHub, supply chain security, VS Code, TeamPCP, developer tools

A Poisoned VS Code Extension Just Breached 3,800 GitHub Repositories

GitHub has confirmed that approximately 3,800 internal repositories were compromised after an employee installed a malicious VS Code extension, which was subsequently removed from the VS Code Marketplace and the affected device secured. The hacker group TeamPCP has claimed responsibility, advertising the stolen data on a cybercrime forum for at least $50,000, though GitHub states there is no evidence that customer data outside the breached repositories was affected. This incident is part of a broader pattern of malicious VS Code extensions targeting developers, with TeamPCP also previously linked to supply chain attacks on platforms including PyPI, NPM, and Docker.

GitHub has confirmed that around 3,800 of its internal repositories were compromised after an employee installed a trojanised VS Code extension. The company removed the malicious extension from the marketplace, isolated the affected machine, and kicked off incident response. As breaches go, the containment was reasonably swift. The damage, less so.

In a public statement, GitHub said the attack involved exfiltration of internal repositories only, and that the figure of roughly 3,800 repos cited by the attackers is consistent with what their own investigation has found so far. No evidence has emerged that customer data outside those repositories was touched.

The group taking credit is TeamPCP, who posted about the breach on the Breached cybercrime forum, claiming access to GitHub source code and around 4,000 private repositories. Their asking price: $50,000, one buyer, then they claim they'll destroy their copy. Whether you believe that last part is your business.

TeamPCP is not a new name. The group has been tied to supply chain attacks across GitHub, PyPI, NPM, and Docker, and more recently to a campaign dubbed "Mini Shai-Hulud" that reportedly caught two OpenAI employees in the crossfire. These are not opportunistic script kiddies.

The attack vector here, a malicious VS Code extension, is depressingly familiar. The VS Code Marketplace has a recurring problem with bad actors slipping in trojanised plugins, sometimes for months before anyone notices. Last year alone, extensions with a combined nine million installs were pulled over security concerns, another batch was caught deploying the XMRig cryptominer, and a separate extension with basic ransomware functionality made it onto the platform entirely unchecked. In January this year, two fake AI coding assistants with 1.5 million installs between them were quietly shipping data to servers in China.

The marketplace's review process, to put it politely, has not kept pace with the threat. When a platform serving 180 million developers and 90% of the Fortune 100 relies on employees not installing dodgy plugins, something has gone structurally wrong.
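The structural fix the paragraph above points at is to stop relying on individual judgement and enforce an organisation allowlist of extension ids. The script below is an added example, not GitHub's code or anything from the article: it takes the output of `code --list-extensions --show-versions` ("publisher.name@version", one per line) and reports every extension whose id is not on an allowlist file (assumed format: one `publisher.name` per line, `#` comments allowed). The extension names and versions in the sample data are constructed.

```shell
#!/bin/sh
# Added example (not from the article): flag installed VS Code extensions that are not
# on an organisation allowlist. Ids are "publisher.name", as printed by
#   code --list-extensions --show-versions   ->  publisher.name@version

# check_extensions ALLOWLIST_FILE
#   Reads installed extensions from stdin and prints each one not on the allowlist.
#   Returns 0 when everything is allowed, 1 when at least one extension is not.
check_extensions() {
    allowlist="$1"
    bad=0
    while IFS= read -r line; do
        id="${line%%@*}"                          # strip the "@version" suffix
        [ -z "$id" ] && continue                  # skip blank lines
        # -F fixed string, -i case-insensitive, -x whole line: comments never match
        if ! grep -Fixq -- "$id" "$allowlist"; then
            printf 'NOT ALLOWED: %s\n' "$line"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample data so the check runs offline; real use is:
#   code --list-extensions --show-versions | check_extensions /etc/vscode-allowlist.txt
SAMPLE_ALLOWLIST=$(mktemp)
cat > "$SAMPLE_ALLOWLIST" <<'EOF'
# constructed allowlist: one publisher.name per line
ms-python.python
eamodio.gitlens
EOF

SAMPLE_INSTALLED='ms-python.python@2024.22.0
eamodio.gitlens@16.2.0
unknown-publisher.free-ai-assistant@1.0.3'

if printf '%s\n' "$SAMPLE_INSTALLED" | check_extensions "$SAMPLE_ALLOWLIST"; then
    echo "all installed extensions are on the allowlist"
else
    echo "unapproved extension(s) found; see the lines above"
fi
rm -f "$SAMPLE_ALLOWLIST"
```

Run from a fleet-management job it gives an inventory of unapproved installs to act on; VS Code's own `extensions.allowed` setting can enforce the same list on the client so the install never happens.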

GitHub has not attributed the breach to any specific actor beyond confirming the extension was the entry point. The investigation is ongoing.