Skip to main content
Emerging ThreatsMalware & Ransomware

GitHub Breach Exposes 3,800 Repos via Malicious VSCode Extension

Developer workstation with laptop, monitor, and coding tools in a modern office space.

"Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately," GitHub said.

GitHub confirms internal repository exfiltration

GitHub has acknowledged that an employee device was compromised after the installation of a trojanized Visual Studio Code (VS Code) extension and says the incident involved exfiltration of GitHub-internal repositories. The company removed the malicious extension from the VS Code Marketplace, isolated the affected endpoint, and initiated incident response.

GitHub's "current assessment" is that the activity "involved exfiltration of GitHub-internal repositories only." The company additionally told BleepingComputer that it has found no evidence that customer data stored outside the affected repositories has been affected.

Scope: roughly 3,800 repositories, attacker claims ~4,000

GitHub said the attacker's public claims of about 3,800 repositories are "directionally consistent" with the company's investigation. On the Breached cybercrime forum, a group calling itself TeamPCP claimed access to GitHub source code and "~4,000 repos of private code," and posted an offer to sell the data for at least $50,000.

In that posting TeamPCP wrote, "As always this is not a ransom, We do not care about extorting Github, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found we will leak it free... If you are interested. Send your offers to the communications below, we are not interested in under 50k, the best offer will get it."

GitHub has not publicly attributed the breach to any actor; TeamPCP has claimed responsibility in the forum posting.

Trojanized VS Code extensions as an attack vector

VS Code extensions are plugins available from the VS Code Marketplace that add features or integrate tools into Microsoft's code editor. Malicious extensions are not new to the market: the source notes multiple previous incidents where trojanized or malicious extensions were used to steal credentials, run cryptominers, or exfiltrate data.

  • Last year, VS Code extensions with a combined 9 million installs were removed over security risks.
  • Ten extensions posing as legitimate development tools were discovered distributing the XMRig cryptominer.
  • A threat actor named WhiteCobra previously flooded the marketplace with 24 crypto-stealing extensions and slipped in an extension with basic ransomware capabilities.
  • In January, two extensions marketed as AI coding assistants with 1.5 million installs reportedly exfiltrated data from compromised developer systems to servers in China.

TeamPCP’s prior activity and the supply chain context

The source links TeamPCP to earlier supply chain campaigns affecting developer-focused platforms, including GitHub, PyPI, NPM, and Docker. It also ties the actor to the "Mini Shai-Hulud" campaign, which the source says impacted two OpenAI employees. The group's public demand and its past targeting of developer ecosystems underscore a continued focus on supply chain and developer-tooling compromise.

What this means for technologists, enterprises, and open-source maintainers

  • Technologists and security teams: The incident highlights the risk of compromised developer tooling—specifically extensions installed from public marketplaces. Teams will watch for additional indicators of compromise and reassess how extensions are vetted on developer endpoints.
  • Enterprises and procurement leaders: GitHub's platform reaches "over 4 million organizations (including 90% of the Fortune 100)" and "more than 180 million developers" across "over 420 million code repositories." Organizations that host private code on GitHub will be attentive to GitHub's follow-up on scope, attribution, and any downstream exposure.
  • Open-source maintainers: Prior supply chain compromises noted in the source—across package ecosystems and marketplaces—signal an ongoing threat to code integrity and provenance. Maintainers will likely monitor for signs that stolen internal code could be repackaged or leaked to adversaries.

The immediate technical actions GitHub reported—removing the malicious extension, isolating the endpoint, and beginning incident response—address the immediate vector. What remains unresolved in the public record is whether the data TeamPCP claims will be sold, leaked, or otherwise weaponized, and whether further repositories beyond the roughly 3,800 reported will surface.

GitHub's confirmation that customer data outside the affected internal repositories shows no evidence of compromise is an important early boundary. The company's next steps—completing the investigation, establishing firm attribution if possible, and communicating any additional indicators of compromise—will determine how broadly this incident ripples through developer tooling and enterprise source-code protection practices.

Read the original BleepingComputer report: https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/