Developers across popular integrated development environments (IDEs) like Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor are at risk of running malicious extensions marked as “verified.”
A new report from OX Security revealed that attackers can manipulate verification checks on these code editors so that malicious extensions appear trustworthy to unsuspecting users.
“OX’s research, conducted in May and June 2025, reveals critical security vulnerabilities in how popular IDEs handle extension verification,” OX researchers said in a blog post. “We discovered (for instance) that flawed verification checks in Visual Studio Code allow publishers to add functionality to extensions while maintaining the verified icon.”
The researchers demonstrated a proof of concept that reused the verification values of official extensions from Microsoft, which develops VSCode. Once installed, the extension kept its ‘verified’ status while silently running OS-level commands; the demo merely launched a calculator, but the same hook could just as easily exfiltrate data or open a backdoor.
OX Security confirmed the exploit still worked as late as June 2025 despite having been reported to the vendors. Microsoft, which maintains VSCode and Visual Studio, reportedly responded that the behavior is “by design” and does not warrant further action.
Microsoft, JetBrains (IntelliJ IDEA), and Cursor did not respond to CSOOnline’s queries about the vulnerabilities.
Verified symbols can be faked
Once thought to be a reliable indicator of trust, the blue ‘check’ icon next to an extension’s name can now be spoofed. An attacker copies the verification values the editor holds for a trusted extension into a rogue one, bypassing the identity check while keeping the verified badge on code of their own. The badge, in other words, reflects stored metadata: for a sideloaded package, which never passes the Marketplace’s signature check, it proves nothing about who actually wrote the code.
“We analyzed the traffic performed by VSCode and discovered a request to marketplace.visualstudio.com that allows the server to determine whether an extension is verified,” researchers said, adding that they found where the verification data is stored and figured out how to modify it.
Using this, they built a malicious extension that copied the verification values of a trusted one, making it appear legitimate. Packaged as a VSIX file, the crafted extension ran commands such as opening the calculator and could be distributed through platforms like GitHub, where developers might unknowingly sideload it.
Malicious VSCode extensions are already a reality: similar threats surfaced in the VSCode marketplace recently, where fake tools downloaded crypto miners or other malware while trading on their apparently trusted status.
Sideloaded extensions are particularly vulnerable
After confirming the behavior on VSCode, OX extended their investigation to other platforms, including Visual Studio, IntelliJ IDEA, and Cursor.
The researchers said that, despite differing file structures and verification mechanisms, they were able to identify the verification requests on each platform and locate the relevant values in the extension data; modifying those values again produced extensions that retained their verified status.
According to OX Security, when it informed Microsoft about the verification flaw, Microsoft responded by saying, “After careful investigation, this case has been assessed as by design and does not meet Microsoft’s bar for immediate servicing. This is as designed. Furthermore, the changes will be prevented by extension signature verification, now enabled by default across all platforms. The attacker will be unable to publish this to the Marketplace, so only side-loading is possible.”
Microsoft further told OX Security that a dedicated team is working on additional actions to keep customers protected. However, OX Security found the flaw still exploitable on June 29, 2025.
Other vendors echoed Microsoft’s stance on the disclosure. JetBrains (IntelliJ IDEA) told OX Security that since the plugin in question doesn’t originate from the JetBrains Marketplace, it is treated as a third-party, unverified extension, which the platform explicitly flags to users before installation. Cursor, meanwhile, told OX Security that it does not continuously verify extensions once they are installed.
The net effect is that none of the three vendors treats the verified badge as a guarantee for a sideloaded package: the control that remains is whether such packages reach developers’ machines at all.
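Because every vendor response above scopes the weakness to sideloaded extensions, the practical check for a security team is to find those extensions and to look for the pattern in OX’s proof of concept, a package whose copied publisher metadata matches a Marketplace-installed extension from a different publisher. The script below is an added example written for this article; it is not code from OX Security, Microsoft, or any of the editors discussed. It assumes the layout of VSCode’s ~/.vscode/extensions/extensions.json (a JSON array of installed-extension records whose “metadata” object carries a “source” of “gallery” or “vsix” plus “publisherId” and “publisherDisplayName”); that layout, the default path, and the sample inventory are assumptions and constructed data, so confirm them against your own installation before relying on the output.

```python
"""Audit a VSCode-style extension inventory for sideloaded extensions
and for publisher metadata copied from a Marketplace-installed extension.

Added example, not OX Security's or Microsoft's code. ASSUMPTION: the
inventory has the shape of VSCode's ~/.vscode/extensions/extensions.json,
a JSON array of records with "identifier": {"id": "<publisher>.<name>"}
and a "metadata" object holding "source" ("gallery" or "vsix"),
"publisherId" and "publisherDisplayName". Verify that shape on your build.
"""
import json
import os
from dataclasses import dataclass, field

# Constructed sample inventory (not a real capture). The publisherId values
# are placeholders, not real Marketplace identifiers.
SAMPLE_INVENTORY = json.dumps([
    {"identifier": {"id": "ms-python.python"}, "version": "2024.1.0",
     "metadata": {"source": "gallery", "publisherId": "pub-0001",
                  "publisherDisplayName": "Microsoft"}},
    {"identifier": {"id": "redhat.java"}, "version": "1.30.0",
     "metadata": {"source": "gallery", "publisherId": "pub-0002",
                  "publisherDisplayName": "Red Hat"}},
    # Sideloaded VSIX that reuses the Microsoft publisher metadata above:
    # the pattern from OX's proof of concept.
    {"identifier": {"id": "evil-corp.helper"}, "version": "0.0.1",
     "metadata": {"source": "vsix", "publisherId": "pub-0001",
                  "publisherDisplayName": "Microsoft"}},
    # Sideloaded VSIX with its own metadata: legitimate or not, it never
    # went through Marketplace signature verification.
    {"identifier": {"id": "acme.local-tool"}, "version": "1.0.0",
     "metadata": {"source": "vsix", "publisherId": "pub-0007",
                  "publisherDisplayName": "Acme"}},
])


@dataclass
class Finding:
    extension_id: str
    source: str
    reasons: list = field(default_factory=list)


def load_inventory(text: str) -> list:
    """Parse an inventory document; a non-list body yields an empty inventory."""
    data = json.loads(text)
    return data if isinstance(data, list) else []


def publisher_namespace(record: dict) -> str:
    """The <publisher> half of '<publisher>.<name>' in the extension id."""
    ext_id = record.get("identifier", {}).get("id", "")
    return ext_id.split(".", 1)[0].lower()


def audit(inventory: list) -> list:
    """Return a Finding for every record a reviewer should look at."""
    # Publisher namespaces that legitimately own each publisherId, learned
    # only from records the Marketplace delivered (source == "gallery").
    gallery_owner = {}
    for rec in inventory:
        md = rec.get("metadata") or {}
        if md.get("source") == "gallery" and md.get("publisherId"):
            gallery_owner.setdefault(md["publisherId"], set()).add(
                publisher_namespace(rec))

    findings = []
    for rec in inventory:
        ext_id = rec.get("identifier", {}).get("id", "<unknown>")
        md = rec.get("metadata") or {}
        source = md.get("source") or "unknown"
        reasons = []
        if source != "gallery":
            reasons.append(
                f"installed from '{source}': Marketplace signature "
                "verification did not apply, so the verified badge is "
                "only local metadata")
        pid = md.get("publisherId")
        owners = gallery_owner.get(pid)
        if owners and publisher_namespace(rec) not in owners:
            reasons.append(
                f"publisherId {pid} belongs to {sorted(owners)} but this "
                f"extension lives in namespace '{publisher_namespace(rec)}'")
        if reasons:
            findings.append(Finding(ext_id, source, reasons))
    return findings


def audit_file(path: str = None) -> list:
    """Audit a real inventory; the default path is VSCode's assumed location."""
    path = path or os.path.expanduser("~/.vscode/extensions/extensions.json")
    with open(path, encoding="utf-8") as fh:
        return audit(load_inventory(fh.read()))


if __name__ == "__main__":
    for f in audit(load_inventory(SAMPLE_INVENTORY)):
        print(f"{f.extension_id} ({f.source})")
        for reason in f.reasons:
            print(f"  - {reason}")
```

Run it as-is to see the two sideloaded entries in the constructed sample flagged (the copied-publisher case with two reasons, the plain sideload with one), or call audit_file() on a developer workstation to report on its actual inventory. The publisherId heuristic only learns ownership from gallery-installed records, so an attacker cannot teach it a false owner by sideloading; it will miss an attacker who also reuses the victim publisher’s namespace, which is why the sideload finding stands on its own.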