Microsoft’s AI Ransomware Oopsie: A Comedy of Errors in VS Code Marketplace
The “susvsex” extension on Microsoft’s VS Code marketplace is the tech equivalent of a villain revealing their evil plan in a monologue. Despite its blatant ransomware functionality and AI-generated vibe, Microsoft initially left it up. Secure Annex calls it “AI slop,” proving even malicious software has room for improvement.
Hot Take:
Looks like AI is getting a little too big for its binary britches! The fact that Microsoft hosted an AI-assisted ransomware extension on their official VS Code marketplace is like leaving the door wide open for a burglar, then being surprised when the silverware goes missing. Microsoft’s response? “What extension?” It’s like playing hide and seek with a toddler who thinks closing their eyes makes them invisible. Somebody at Microsoft needs to install some patches…on their review process.
Key Points:
- A malicious extension named susvsex was discovered on Microsoft’s VS Code marketplace.
- The extension’s ransomware capabilities were openly detailed in its description.
- Secure Annex researcher John Tuckner reported the extension, but it remained available initially.
- Extension leverages AI-generated code for its ransomware operations.
- Microsoft has been contacted but initially left the extension lingering longer than a bad smell.