Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

VS Code extensions and GitHub token hijacking: what breaks now?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9874
Topic starter  

TL;DR: Malicious VS Code extensions can silently inherit GitHub OAuth sessions, plant an SSH key, and survive token revocation, password rotation, and uninstall, leaving persistent repository access even after standard incident response, according to Knostic. The core failure is an authentication model that assumes revocation closes access when identity can be re-established through another path.

NHIMG editorial — based on content published by Knostic: The Attack That Survives Your Response When a developer discovers a compromised VS Code extension

By the numbers:

  • The malicious extension used an 800ms startup delay to avoid scanners that flag immediate network activity at launch.

Questions worth separating out

Q: What breaks when a malicious VS Code extension can inherit a GitHub session silently?

A: Revoking the original OAuth token may not end access if the extension has already created a second authentication path.

Q: Why do VS Code extension attacks create more risk than simple token theft?

A: Because they can turn a transient session into durable repository access.

Q: How do security teams know if a developer identity has been re-bound after revocation?

A: Check for newly added SSH keys, unexpected OAuth authorizations, unusual repository access patterns, and any extension activity tied to startup events.

Practitioner guidance

  • Audit GitHub SSH keys immediately Search for keys titled vscode-recovery or carrying the comment implant@poc, then remove any key you did not intentionally create.
  • Review extension inheritance of GitHub sessions Inventory which VS Code and Cursor extensions can call shared authentication APIs and inherit existing GitHub sessions.
  • Rotate repository secrets after account-level compromise Treat .env files, cloud credentials, API keys, and workflow secrets in active repositories as exposed if the account was targeted.

What's in the full article

Knostic's full research covers the operational detail this post intentionally leaves for the source:

  • Static analysis of the malicious extension code path, including the exact startup sequence and API calls used to inherit GitHub access
  • The full indicator set for both malicious extensions, including hashes, endpoints, titles, and behavioural indicators
  • A step-by-step remediation sequence for account owners who need to verify SSH keys, OAuth apps, and repository exposure
  • The broader monitoring patterns used in marketplace threat hunting across VS Code and OpenVSX

👉 Read Knostic's analysis of VS Code extension hijacking and GitHub token persistence →

VS Code extensions and GitHub token hijacking: what breaks now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9358
 

Shared developer-tool authentication is now an identity governance problem, not a browser-session convenience. VS Code's model assumes that inherited GitHub sessions remain safe when reused by extensions. That assumption fails when untrusted code can silently request scopes and then convert that access into a durable authentication path. The implication is that extension trust, not just account hygiene, has to sit inside the identity control model.

A few things that frame the scale:

A question worth separating out:

Q: Who is accountable when a developer tool plants persistent repository access?

A: The accountability sits with the identity and platform owners who govern GitHub sessions, SSH keys, and approved tooling, not only with the endpoint team. This is a shared control problem across IAM, developer experience, and incident response. The governing question is whether the organisation can prove that the planted credential was removed.

👉 Read our full editorial: VS Code extension persistence breaks standard GitHub token response



   
ReplyQuote
Share: