The security of millions of developers is at risk after new research revealed critical flaws in how the world’s most popular Integrated Development Environments (IDEs) verify third-party extensions.
The OX research team has uncovered an alarming vulnerability: attackers can craft extensions that retain the coveted “verified” badge while concealing dangerous code, allowing them to execute arbitrary commands on developers’ systems.
Breaking the Chain of Trust
IDEs like Visual Studio Code (VSCode), Visual Studio, IntelliJ IDEA, and Cursor are at the heart of modern software development.
Their functionality is often enhanced through downloadable add-ons, which offer features that streamline coding, debugging, and deployment.

A blue checkmark or “verified” symbol is meant to assure users that an extension is legitimate and safe. According to OX’s findings from May and June 2025, that assurance is dangerously easy to fake.
The research team set out to probe the robustness of IDE extension verification. They built malicious extensions for each of the major platforms and discovered that it’s possible to manipulate extension files so that a trojanized add-on appears fully verified.
The extensions were packaged with all the proper credentials: a correct publisher name, a verified status, and even the original download and rating stats. Yet they secretly included code capable of executing system commands, such as launching the Windows calculator as a benign proof of concept.
Technical Insight: Exploiting Verification Shortcomings
VSCode, the leading open-source code editor from Microsoft, was a prime target.
Verification in VSCode stems from metadata and publisher checks; yet, the OX team demonstrated that it was possible to reconstruct these markers within a VSIX package (the format used for VSCode extensions) to mimic an authentic, verified extension.
Their extension, indistinguishable from the original, could be sideloaded by developers downloading it from external sites like GitHub.
Similar flaws were identified in Visual Studio, IntelliJ IDEA, and Cursor. The research revealed that verification systems focus on the extension’s metadata and signing at the time of install, but they do not continuously check file integrity.
Thus, tampered extensions can continue to masquerade as safe.
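Because matching metadata says nothing about the files inside the package, a defender can compare a sideloaded VSIX against a copy of the same release obtained from the official marketplace. The following is an added example, not code from OX or from any IDE vendor; it assumes the usual VSIX layout (a ZIP archive containing `extension/package.json`), and the publisher, extension name and file contents are constructed samples. It compares SHA-256 digests and does not validate the marketplace signature.

```python
import hashlib
import io
import json
import zipfile

def vsix_digests(data: bytes) -> dict:
    """Map each member path in a VSIX (a ZIP archive) to its SHA-256."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def vsix_identity(data: bytes) -> tuple:
    """Return (publisher, name, version) as declared in extension/package.json."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        pkg = json.loads(zf.read("extension/package.json"))
    return pkg.get("publisher"), pkg.get("name"), pkg.get("version")

def compare_vsix(trusted: bytes, candidate: bytes) -> dict:
    """Diff a candidate VSIX against a trusted copy of the same release."""
    ref, got = vsix_digests(trusted), vsix_digests(candidate)
    return {
        "same_identity": vsix_identity(trusted) == vsix_identity(candidate),
        "added": sorted(set(got) - set(ref)),
        "removed": sorted(set(ref) - set(got)),
        "changed": sorted(p for p in ref.keys() & got.keys() if ref[p] != got[p]),
    }

def is_clean(report: dict) -> bool:
    """True only when identity matches and every file digest is identical."""
    return report["same_identity"] and not (
        report["added"] or report["removed"] or report["changed"])

def _make_vsix(files: dict) -> bytes:
    """Build a constructed sample VSIX in memory (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in files.items():
            zf.writestr(path, content)
    return buf.getvalue()

# Constructed sample data: hypothetical publisher and extension names.
_PKG = json.dumps({"publisher": "example-pub", "name": "example-ext", "version": "1.0.0"})
TRUSTED = _make_vsix({"extension/package.json": _PKG,
                      "extension/out/main.js": "exports.activate = () => {};"})
CANDIDATE = _make_vsix({"extension/package.json": _PKG,
                        "extension/out/main.js": "exports.activate = () => { /* altered */ };",
                        "extension/out/extra.js": "// file not in the trusted copy"})

if __name__ == "__main__":
    print(json.dumps(compare_vsix(TRUSTED, CANDIDATE), indent=2))
```

In the sample, both packages declare the same publisher, name and version, yet the report lists one changed file and one added file, so `is_clean` rejects the candidate.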
Industry Response and What Developers Should Do
When informed, Microsoft and JetBrains downplayed the risk, noting that such exploits are only possible via manual sideloading, not through their official marketplaces.
“This is as designed,” Microsoft stated, emphasizing that signature verification (now default) blocks malicious files on the Marketplace, though sideloaded extensions remain a risk. JetBrains echoed this warning, advising users not to install third-party plugins.
Security experts urge developers to:
- Install extensions only from official marketplaces.
- Treat verified badges as a helpful indicator but not a guarantee of safety.
- Consider taking additional steps, such as validating extension signatures and monitoring for any unexpected behavior.
As the research highlights, the trust chain for IDE extensions can be surprisingly fragile, underscoring the need for vigilance from both toolmakers and developers alike.





