A GitHub employee installed a trojanized VS Code marketplace extension, leading to exfiltration of ~3,800 internal repositories by threat group TeamPCP.
Key Takeaways
GitHub isolated the endpoint and removed the malicious extension; no customer data beyond the affected repositories is known to have been compromised.
TeamPCP is offering the stolen code on Breached forum for a minimum of $50,000, and threatens to release it for free if no buyer is found.
TeamPCP previously hit GitHub, PyPI, NPM, and Docker in supply chain campaigns and was linked to the “Mini Shai-Hulud” campaign affecting OpenAI employees.
VS Code extensions run in the extension host with the full privileges of the logged-in user (there is no permission model or sandbox); the marketplace has a documented history of malicious extensions, some with millions of installs, that stole credentials and deployed cryptominers.
GitHub serves 180M developers and 4M organizations; the 3,800 affected internal repositories are likely a small fraction of GitHub's total internal repositories.
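Because an extension's activation code runs as the user, the practical first step on an endpoint is to inventory what is installed and flag anything unvetted that runs at editor start. The script below is an added example, not code from the original page or from GitHub or Microsoft. It assumes VS Code's default per-user layout (one directory per extension under ~/.vscode/extensions, each with a package.json carrying "publisher", "activationEvents" and "main"/"browser"); the publisher allowlist and the three sample manifests are constructed for illustration.

```python
"""Audit installed VS Code extensions against a publisher allowlist (added example)."""
import json
import tempfile
from pathlib import Path

# Hypothetical allowlist: publishers your organisation has vetted.
ALLOWED_PUBLISHERS = {"ms-python", "ms-vscode", "github"}

# Activation events that start extension code as soon as the editor opens,
# before the user touches any file type the extension claims to support.
EAGER_ACTIVATION = {"*", "onStartupFinished"}


def default_extensions_dir() -> Path:
    """Assumed default location of the per-user extension directory."""
    return Path.home() / ".vscode" / "extensions"


def audit_extensions(ext_dir: Path) -> list[dict]:
    """Return one finding per extension that is unvetted or activates eagerly."""
    findings = []
    for manifest in sorted(ext_dir.glob("*/package.json")):
        name = manifest.parent.name
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            findings.append({"extension": name, "publisher": "?", "runs_code": True,
                             "reasons": [f"unreadable manifest ({type(exc).__name__})"]})
            continue
        publisher = str(meta.get("publisher", "")).lower()
        # "main"/"browser" point at JavaScript executed in the extension host;
        # pure theme or snippet packs have neither and cannot run code.
        runs_code = bool(meta.get("main") or meta.get("browser"))
        reasons = []
        if publisher not in ALLOWED_PUBLISHERS:
            reasons.append(f"publisher '{publisher or '?'}' not on allowlist")
        eager = sorted(EAGER_ACTIVATION.intersection(meta.get("activationEvents") or []))
        if eager:
            reasons.append("activates at editor start: " + ", ".join(eager))
        if reasons:
            findings.append({"extension": name, "publisher": publisher,
                             "runs_code": runs_code, "reasons": reasons})
    return findings


# Constructed sample manifests (not real extensions) so the audit can be run offline.
SAMPLE_MANIFESTS = {
    "ms-python.python-2024.0.0": {
        "publisher": "ms-python", "name": "python", "version": "2024.0.0",
        "main": "./out/client/extension", "activationEvents": ["onLanguage:python"]},
    "somepub.theme-1.0.0": {
        "publisher": "somepub", "name": "theme", "version": "1.0.0",
        "contributes": {"themes": []}},
    "helper-tools.git-assist-0.3.1": {
        "publisher": "helper-tools", "name": "git-assist", "version": "0.3.1",
        "main": "./extension.js", "activationEvents": ["*"]},
}


def demo() -> list[dict]:
    """Write the sample manifests to a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for dirname, meta in SAMPLE_MANIFESTS.items():
            (root / dirname).mkdir()
            (root / dirname / "package.json").write_text(json.dumps(meta), encoding="utf-8")
        return audit_extensions(root)


if __name__ == "__main__":
    target = default_extensions_dir()
    results = audit_extensions(target) if target.is_dir() else demo()
    for f in results:
        print(f"{f['extension']}: runs_code={f['runs_code']}; " + "; ".join(f["reasons"]))
```

The interesting finding is the unvetted extension that both ships JavaScript and activates on "*": that combination is exactly what gives a trojanized extension code execution as the user the moment the editor starts, with no file ever opened. A theme from an unknown publisher is flagged too, but with runs_code false it is a much lower priority.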
Hacker News Comment Review
Commenters broadly agree that the lack of VS Code extension sandboxing is the root structural problem; the extension permissions issue has been open on GitHub since 2018 with no resolution.
Some commenters point to Electron's SUID sandbox helper as a hard technical barrier to sandboxing extensions on Linux, which makes the attack surface difficult to close even for security-conscious teams.
Practical mitigations discussed include enabling GitHub Enterprise audit log streaming with source IPs and API request logging, and restricting PAT scope and lifetime.
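Audit log streaming only helps if something watches the stream for the pattern this incident produced: one credential cloning a large number of distinct repositories in a short time, from an address outside the corporate network. The detector below is an added example, not code from the original page or from GitHub. It assumes the streamed events are JSON objects with "action", "actor", "actor_ip", "repo", "@timestamp" (epoch milliseconds) and, for PAT-driven requests, "hashed_token"; check those field names against your own stream before relying on them. The trusted network, thresholds and sample events are constructed for illustration.

```python
"""Flag bulk repository cloning in a streamed GitHub audit log (added example)."""
import ipaddress
import json
import sys
from collections import defaultdict, deque

# Hypothetical office/VPN egress range; clones from anywhere else are suspicious.
TRUSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
WINDOW_MS = 10 * 60 * 1000   # count distinct repos cloned per credential per 10 minutes
REPO_THRESHOLD = 25          # tune to your org's normal per-credential clone rate


def is_trusted_ip(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def detect_bulk_clones(events) -> list[dict]:
    """Return alerts for credentials cloning many distinct repos quickly or from untrusted IPs.

    Events may be dicts or JSON strings (one per line, as in a streamed file).
    The key is the hashed token when present, so a leaked PAT is tracked even
    if the actor also works normally from an interactive session.
    """
    alerts = []
    windows = defaultdict(deque)   # credential -> deque of (timestamp_ms, repo)
    flagged_bulk = set()
    flagged_ip = set()
    for raw in events:
        ev = json.loads(raw) if isinstance(raw, str) else raw
        if ev.get("action") != "git.clone":
            continue
        key = ev.get("hashed_token") or f"actor:{ev.get('actor')}"
        ts = int(ev["@timestamp"])
        ip = ev.get("actor_ip", "")
        if not is_trusted_ip(ip) and (key, ip) not in flagged_ip:
            flagged_ip.add((key, ip))
            alerts.append({"type": "untrusted_source_ip", "key": key, "ip": ip,
                           "repo": ev.get("repo")})
        q = windows[key]
        q.append((ts, ev.get("repo")))
        while q and ts - q[0][0] > WINDOW_MS:   # drop events outside the sliding window
            q.popleft()
        distinct = {repo for _, repo in q}
        if len(distinct) >= REPO_THRESHOLD and key not in flagged_bulk:
            flagged_bulk.add(key)
            alerts.append({"type": "bulk_clone", "key": key, "actor": ev.get("actor"),
                           "distinct_repos": len(distinct),
                           "window_minutes": WINDOW_MS // 60_000})
    return alerts


def sample_events() -> list[dict]:
    """Constructed sample stream: one developer working normally, then a stolen PAT bulk-cloning."""
    base = 1_700_000_000_000
    evs = [{"action": "git.clone", "actor": "alice", "actor_ip": "203.0.113.5",
            "repo": f"acme/{name}", "@timestamp": base + i * 20 * 60_000}
           for i, name in enumerate(["web", "api", "infra"])]
    evs.append({"action": "repo.create", "actor": "alice", "actor_ip": "203.0.113.5",
                "repo": "acme/new-service", "@timestamp": base + 70 * 60_000})
    evs += [{"action": "git.clone", "actor": "alice", "actor_ip": "198.51.100.7",
             "repo": f"acme/internal-{i:03d}", "@timestamp": base + 3_600_000 + i * 10_000,
             "hashed_token": "sha256:deadbeef", "programmatic_access_type": "PersonalAccessToken"}
            for i in range(30)]
    return evs


if __name__ == "__main__":
    stream = sample_events() if sys.stdin.isatty() else (ln for ln in sys.stdin if ln.strip())
    for alert in detect_bulk_clones(stream):
        print(json.dumps(alert))
```

Two settings gate this detector: git events (clone, push, fetch) must be enabled for the stream, and source IP display must be turned on in the enterprise's audit log settings, otherwise actor_ip is absent and the network check never fires. Keying on the hashed token rather than the actor matters because a stolen PAT is used from the attacker's machine while the real developer keeps working from a trusted address; the bulk-clone alert also pairs naturally with the other mitigation discussed, since a fine-grained PAT scoped to a handful of repositories with a short expiry cannot produce 25 distinct clones in the first place.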
Notable Comments
@innoying: Lists specific org-level controls for mitigating PAT exfiltration risk, including audit log streaming to S3 and API request logging.