Market Impact: 0.6

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

MSFT, DDOG
Cybersecurity & Data Privacy, Artificial Intelligence, Technology & Innovation

Cybersecurity researchers have identified two significant supply chain threats: a malicious Visual Studio Code extension ("susvsex") with ransomware capabilities, notably created with AI assistance, and 17 trojanized npm packages distributing the Vidar Infostealer, marking that malware's first appearance on the npm registry. While the VS Code extension's immediate impact was limited by a misconfiguration, the npm packages were downloaded more than 2,240 times before removal. These incidents underscore the escalating risks within developer ecosystems, posing substantial data security and operational challenges for businesses that rely on open-source software and demanding heightened vigilance.

Analysis

Cybersecurity researchers have identified two significant supply chain attacks: a malicious Visual Studio Code extension with ransomware capabilities, notably created with AI assistance, and 17 trojanized npm packages distributing the Vidar Infostealer. The "susvsex" VS Code extension, uploaded on November 5, 2025, by "suspublisher18," was designed to zip, upload, and encrypt files, using GitHub for command-and-control. Microsoft (MSFT) removed the extension on November 6; its immediate impact had already been limited by an initial misconfiguration, though its malicious functionality could easily have been updated. Concurrently, Datadog Security Labs (DDOG) unearthed 17 npm packages, uploaded between October 21 and 26, 2025, which distributed the Vidar Infostealer, marking its first appearance on the npm registry. These packages saw at least 2,240 downloads before the associated accounts were banned. Both incidents underscore the escalating risks within developer ecosystems and the increasing sophistication of supply chain attacks across open-source platforms such as npm and the VS Code marketplace. The use of AI in malware creation, as seen with the "vibe-coded" ransomware, and C2 channels built on legitimate services (GitHub, Telegram/Steam) present evolving threats. This necessitates heightened vigilance and due diligence from developers and organizations.
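One practical form of the "due diligence" the analysis calls for is an inventory of the extensions actually installed on developer workstations, checked against a list of vetted publishers. The script below is an added example written for this page, not code from the article or from the researchers; it assumes the standard VS Code layout of one `<publisher>.<name>-<version>/package.json` manifest per installed extension, and the publisher allowlist and sample extension directory it builds are constructed for the demonstration. It flags extensions whose publisher is unvetted or that request activation on every startup (the `*` and `onStartupFinished` activation events), which are the ones worth a human look; it does not attempt to judge an extension malicious by itself.

```python
import json
import tempfile
from pathlib import Path

# Publishers this organisation has reviewed (constructed allowlist for the example).
ALLOWED_PUBLISHERS = {"ms-python", "ms-vscode", "redhat"}

# Activation events that load an extension at every editor start; worth manual review.
BROAD_ACTIVATION = {"*", "onStartupFinished"}


def audit_extensions(extensions_dir, allowed_publishers=ALLOWED_PUBLISHERS):
    """Return one finding per installed extension found under extensions_dir.

    Each finding records the extension id, its on-disk path, whether it was
    flagged, and the reasons. Flagging means "review this", not "malicious".
    """
    findings = []
    for manifest in sorted(Path(extensions_dir).glob("*/package.json")):
        with open(manifest, encoding="utf-8") as fh:
            pkg = json.load(fh)
        publisher = pkg.get("publisher", "")
        name = pkg.get("name", "")
        activation = set(pkg.get("activationEvents", []))

        reasons = []
        if publisher not in allowed_publishers:
            reasons.append("publisher not on allowlist")
        if activation & BROAD_ACTIVATION:
            reasons.append("activates on every startup")

        findings.append({
            "id": f"{publisher}.{name}",
            "path": str(manifest.parent),
            "flagged": bool(reasons),
            "reasons": reasons,
        })
    return findings


def build_sample_dir():
    """Create a constructed extensions directory with one vetted and one unvetted extension."""
    root = Path(tempfile.mkdtemp(prefix="vscode-ext-audit-"))
    samples = {
        # Vetted publisher, activates only for Python files.
        "ms-python.python-2024.1.0": {
            "publisher": "ms-python", "name": "python",
            "activationEvents": ["onLanguage:python"],
        },
        # Unknown publisher that wants to run at every editor start (constructed, hypothetical).
        "unknownpub.helper-tool-0.0.1": {
            "publisher": "unknownpub", "name": "helper-tool",
            "activationEvents": ["*"],
        },
    }
    for dirname, manifest in samples.items():
        ext_dir = root / dirname
        ext_dir.mkdir()
        (ext_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    return str(root)


if __name__ == "__main__":
    # On a real workstation pass e.g. Path.home() / ".vscode" / "extensions" instead.
    for finding in audit_extensions(build_sample_dir()):
        status = "REVIEW" if finding["flagged"] else "ok"
        print(f"{status:6} {finding['id']:32} {', '.join(finding['reasons'])}")
```

The allowlist is the policy decision; the script only makes the installed state visible so that an unexpected publisher, or an extension that insists on loading at every start, is noticed before it has had a chance to run. Pairing this with a periodic export from endpoint management gives a baseline to diff against after incidents like the one described above.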