Threat Overview
In late December 2025, security researchers uncovered a sophisticated supply‑chain attack that leveraged the Visual Studio Code ecosystem to deliver a multi‑stage malware payload. The attack was initiated through a seemingly innocuous extension named prettier-vscode-plus that appeared on the official VSCode Marketplace. By masquerading as the legitimate Prettier formatter, the adversary was able to gain the trust of thousands of developers worldwide.
Malicious Extension as Entry Point
The prettier-vscode-plus extension was packaged with a hidden background script that executed immediately upon installation. Once loaded, the script began a stealthy download of the first stage loader, known internally as Anivia. Because the extension ran with the same privileges as the VSCode process, it bypassed the typical sandbox restrictions that would otherwise flag suspicious activity.
Anivia Loader and In‑Memory Decryption
Anivia served as a lightweight bootstrap that fetched the remaining payloads from a command and control server. The loader employed AES‑256 encryption to protect the binary blobs during transit and used a custom key derivation routine that was embedded in the extension’s code. After decryption, Anivia performed process hollowing to inject the next stage into a legitimate system process, thereby evading static analysis tools that monitor executable file creation.
OctoRAT: The Final Stage
The ultimate payload in the chain is OctoRAT, a fully featured remote access toolkit. OctoRAT exposes over 70 commands that enable the attacker to conduct surveillance, exfiltrate files, take remote desktop control, establish persistence, elevate privileges, and even launch harassment campaigns. The toolkit communicates over a covert channel that mimics normal VSCode telemetry traffic, making network monitoring particularly challenging.
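A covert channel that imitates editor telemetry is hard to catch by destination alone, so the check has to combine destination, volume and cadence. The following Python is an added example (it is not code from the article or from any of the tools it names) that runs over constructed proxy/EDR records of TLS connections made by the editor process, flags destinations absent from a baseline of the organization's own editor traffic, flags outbound volume that no telemetry client would send, and flags beacon-like connections at near-constant intervals. The baseline hostnames, process names, log format and thresholds are all assumptions; the same logic serves the "Network Segmentation" recommendation below.

```python
import re
from collections import defaultdict
from datetime import datetime

# Destinations the editor is known to contact, taken from a baseline of the
# organization's own traffic. Constructed values for this example.
BASELINE = {"vscode-telemetry.example.net", "marketplace.example.net"}
EDITOR_PROCESSES = {"Code.exe", "code"}

# Constructed proxy/EDR records: one TLS connection per line, key=value fields.
LOG = """\
2025-12-28T10:00:00Z host=dev-01 proc=Code.exe sni=vscode-telemetry.example.net bytes_out=912
2025-12-28T10:00:05Z host=dev-01 proc=Code.exe sni=marketplace.example.net bytes_out=1320
2025-12-28T10:01:00Z host=dev-01 proc=Code.exe sni=updates.telemetry-vscode.example.org bytes_out=48000
2025-12-28T10:02:00Z host=dev-01 proc=Code.exe sni=updates.telemetry-vscode.example.org bytes_out=51000
2025-12-28T10:03:00Z host=dev-01 proc=Code.exe sni=updates.telemetry-vscode.example.org bytes_out=49500
2025-12-28T10:04:00Z host=dev-01 proc=Code.exe sni=updates.telemetry-vscode.example.org bytes_out=50200
2025-12-28T10:04:30Z host=dev-01 proc=chrome.exe sni=news.example.com bytes_out=300
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Split one record into a dict with a parsed timestamp and integer byte count."""
    ts, rest = line.split(" ", 1)
    rec = dict(FIELD.findall(rest))
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    rec["bytes_out"] = int(rec["bytes_out"])
    return rec


def is_periodic(times, min_hits=3, jitter=0.2):
    """Return (True, mean_gap) when connections recur at near-constant intervals."""
    if len(times) < min_hits:
        return False, 0.0
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    mean = sum(gaps) / len(gaps)
    if mean <= 0:
        return False, 0.0
    return all(abs(g - mean) <= jitter * mean for g in gaps), mean


def analyze(log_text, baseline=BASELINE, volume_threshold=100_000):
    """Group editor-process connections per (host, SNI) and return flagged flows."""
    flows = defaultdict(lambda: {"times": [], "bytes_out": 0})
    for line in log_text.strip().splitlines():
        rec = parse(line)
        if rec["proc"] not in EDITOR_PROCESSES:
            continue  # only the editor's own connections are in scope here
        flow = flows[(rec["host"], rec["sni"])]
        flow["times"].append(rec["ts"])
        flow["bytes_out"] += rec["bytes_out"]

    findings = []
    for (host, sni), flow in flows.items():
        reasons = []
        if sni not in baseline:
            reasons.append("destination not in editor telemetry baseline")
        if flow["bytes_out"] > volume_threshold:
            reasons.append(f"{flow['bytes_out']} bytes out exceeds {volume_threshold}")
        periodic, mean = is_periodic(sorted(flow["times"]))
        if periodic:
            reasons.append(f"beacon-like cadence every ~{mean:.0f}s over {len(flow['times'])} connections")
        if reasons:
            findings.append({"host": host, "sni": sni, "bytes_out": flow["bytes_out"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze(LOG):
        print(finding["host"], finding["sni"], finding["bytes_out"], *finding["reasons"], sep=" | ")
```

On the constructed records the two baseline destinations pass, the browser connection is ignored, and the look-alike telemetry host is reported for all three reasons. In production the baseline should be built from several weeks of the editor's real traffic, and the cadence check is the one that survives an attacker simply registering a plausible-looking hostname.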
Advanced Tactics and Evasion
Beyond encryption and process hollowing, the threat actor employed a UAC bypass technique that leveraged a signed system utility to elevate privileges without user interaction. Additionally, the GitHub repository associated with the attack revealed a rotating set of payloads, indicating that the adversary was actively updating the malware to defeat signature‑based detection. The use of legitimate developer tooling as a vector demonstrates the evolving sophistication of supply‑chain attacks.
Implications for the Development Community
Supply‑chain attacks that target trusted development tools pose a unique risk because developers often run extensions with elevated privileges and rely on the integrity of the marketplace. The prettier-vscode-plus incident underscores the need for rigorous vetting of extensions, continuous monitoring of marketplace activity, and a culture of security awareness among developers.
Recommendations for Security Analysts and Developers
1. Marketplace Monitoring: Implement automated scanning of extensions for malicious code patterns and anomalous network activity. Use signed extensions and enforce strict code signing policies.
2. Least Privilege Enforcement: Run VSCode in a restricted sandbox or container where extensions cannot access system processes or perform privileged operations.
3. Runtime Detection: Deploy host‑based intrusion detection systems that flag process hollowing, UAC bypass attempts, and unusual AES decryption routines.
4. Network Segmentation: Isolate development machines from critical infrastructure and monitor outbound traffic for suspicious TLS connections that mimic legitimate telemetry.
5. Incident Response Playbook: Prepare a response plan that includes isolation of infected workstations, forensic imaging, and analysis of in‑memory payloads to identify the presence of OctoRAT.
6. Security Awareness Training: Educate developers on the risks of installing extensions from unverified sources and encourage the use of official extension channels only.
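Recommendation 1 calls for automated scanning of extensions, and the entry-point section above describes an extension that ran as soon as it was installed. The Python below is an added example (not code from the article, the marketplace or any real scanner) of a static pre-install audit over an unpacked extension's package.json and bundled entry script: it checks the publisher against a locally maintained allowlist, flags names that piggyback on a known extension name (the `-plus` suffix pattern the article describes), flags activation events that start the extension at editor launch, greps the source for capabilities a formatter has no reason to use, and looks for long high-entropy string literals that often carry packed payloads or keys. The allowlist, the known-name list, the regexes and both sample extensions are constructed for this example; `esbenp` is the publisher of the real Prettier extension, the rest is hypothetical.

```python
import math
import re
from collections import Counter

# Activation events that start the extension as soon as the editor launches,
# whether or not the user opens a file it should handle. A formatter normally
# activates on language events, so these are worth flagging.
BROAD_ACTIVATION = {"*", "onStartupFinished"}

# Source patterns that are unusual for a formatter: process spawning, dynamic
# code evaluation, raw network access and base64 unpacking of embedded blobs.
SUSPICIOUS_SOURCE = {
    "spawns processes": re.compile(r"require\(\s*['\"]child_process['\"]\s*\)"),
    "evaluates dynamic code": re.compile(r"\beval\s*\(|new\s+Function\s*\("),
    "opens raw network clients": re.compile(r"require\(\s*['\"](?:https?|net|dgram)['\"]\s*\)"),
    "decodes embedded base64": re.compile(r"Buffer\.from\([^)]*['\"]base64['\"]\s*\)"),
}

# Local policy (constructed): "esbenp" publishes the real Prettier extension,
# the other entries are hypothetical placeholders for a team's own allowlist.
PUBLISHER_ALLOWLIST = {"esbenp", "ms-python", "example-corp"}
# Names of allowlisted extensions, used to spot look-alike variants (constructed).
KNOWN_NAMES = {"prettier-vscode", "python"}


def shannon_entropy(s: str) -> float:
    """Bits per character; random base64 text scores near 6, English prose near 4."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def high_entropy_literals(source: str, min_len: int = 40, threshold: float = 4.5) -> list:
    """String literals long and random-looking enough to be packed payloads or keys."""
    pattern = re.compile(r"['\"]([A-Za-z0-9+/=]{%d,})['\"]" % min_len)
    return [lit for lit in pattern.findall(source) if shannon_entropy(lit) >= threshold]


def looks_like_impersonation(name: str) -> str:
    """Return the known name this one piggybacks on (e.g. via a '-plus' suffix), or ''."""
    for known in KNOWN_NAMES:
        if name != known and known in name:
            return known
    return ""


def audit_extension(manifest: dict, source: str) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    publisher = manifest.get("publisher", "")
    name = manifest.get("name", "")
    if publisher not in PUBLISHER_ALLOWLIST:
        findings.append(f"publisher '{publisher}' is not on the allowlist")
    known = looks_like_impersonation(name)
    if known:
        findings.append(f"name '{name}' looks like a variant of '{known}'")
    broad = BROAD_ACTIVATION & set(manifest.get("activationEvents", []))
    if broad:
        findings.append(f"activates at editor startup via {sorted(broad)}")
    for label, rx in SUSPICIOUS_SOURCE.items():
        if rx.search(source):
            findings.append(f"source {label}")
    blobs = high_entropy_literals(source)
    if blobs:
        findings.append(f"{len(blobs)} high-entropy string literal(s) embedded in source")
    return findings


# Constructed sample manifests and entry scripts; neither is real extension code.
SUSPECT_MANIFEST = {
    "name": "prettier-vscode-plus",
    "publisher": "not-esbenp",
    "activationEvents": ["*"],
    "main": "./out/extension.js",
}
SUSPECT_SOURCE = '''
const cp = require("child_process");
const blob = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
const stage1 = Buffer.from(blob, "base64");
new Function(stage1.toString())();
'''
BENIGN_MANIFEST = {
    "name": "prettier-vscode",
    "publisher": "esbenp",
    "activationEvents": ["onLanguage:javascript", "onCommand:prettier.formatDocument"],
    "main": "./out/extension.js",
}
BENIGN_SOURCE = '''
const vscode = require("vscode");
function activate(ctx) { /* register the formatter with the editor */ }
module.exports = { activate };
'''

if __name__ == "__main__":
    for label, manifest, source in (("suspect", SUSPECT_MANIFEST, SUSPECT_SOURCE),
                                    ("benign", BENIGN_MANIFEST, BENIGN_SOURCE)):
        print(label, audit_extension(manifest, source) or ["no findings"])
```

Any single finding here is a reason to hold the extension for manual review rather than block it outright; a formatter that activates on `*`, spawns processes and carries a 64-character random-looking literal is the combination that warrants escalation. Obfuscated bundles will defeat the regex checks, which is why the entropy test and the publisher allowlist carry more weight than the pattern matches.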