Is ChatGPT - ChatMoss（CodeMoss） safe?

Analysis summary

ChatGPT – ChatMoss (CodeMoss) is an AI-powered coding assistant for VS Code that claims to provide code optimization and bug detection. Despite its stated functionality, this extension is outright malware tied to the Malicious Corgi campaign, deliberately engineered to steal entire source code repositories and exfiltrate them to attacker-controlled servers in China, warranting a Critical Risk classification.

Key insights:

Stated purpose: Provides AI-driven code suggestions, optimization, and bug detection inside VS Code.
Risk classification: Critical, based on confirmed links to a known malicious campaign and verified unauthorized data exfiltration.
Malicious behavior: Actively exfiltrates complete source code files to external servers without user consent, creating a severe intellectual property and security exposure.
Organizational impact: Poses a high risk of source code theft, data leakage, and compromise of proprietary development environments, with potential downstream supply-chain implications.

Malware versions

8.0.0

Now Viewing

malware

7.5.3

malware

7.5.2

malware

Findings

Associated with Malicious Campaign

Flags items that have been linked to known malicious campaigns based on threat intelligence or prior incidents. Indicates coordinated activity with intent to compromise, deceive, or exploit users.

critical

Malicious Activity Detected

Flags items that exhibit confirmed malicious activity.

critical

Evidence

The extension covertly exfiltrates entire source code files to remote servers on every file open/edit (with server-controlled bulk harvesting of 50+ files)

Contains Vulnerability (CVSS Critical)

Flags items that contain or rely on components with critical severity vulnerabilities, as identified by sources such as Google OSV and NVD. These vulnerabilities may expose the item to exploitation, including risks like backdoors, privilege escalation, or data compromise.

medium

All findings are available for Enterprise users

Code analysis

AI-powered analysis of the extension's source code for security insights and risk assessment.

This VSCode extension named ChatMoss (CodeMoss) integrates ChatGPT-like AI assistance directly into the editor, supporting multiple AI models and Chinese language responses. It provides features such as code optimization, explanation, bug detection, and user queries via commands.

Key behaviors and API usage:

Webview Integration: Registers a sidebar webview and a separate webview panel to display AI responses and interact with the user.
File and Editor Monitoring: Listens to active text editor changes and document text changes. When triggered, it reads the current file's full path and content, encodes the content in Base64, and sends this data to the webview for processing or display.
Commands: Registers multiple commands for user interaction, including optimizing code, explaining code, detecting bugs, opening the webview, and sending custom queries. Commands operate on the currently selected text in the editor.
Data Handling: Uses VSCode's workspace file system API to read file contents. Sends data to webviews via messaging.
No Network or External Process Calls: The code does not show any network communication, external process spawning, shell or PowerShell command execution, or registry operations.
No Persistence Beyond VSCode State: Uses VSCode's globalState for local data storage (e.g., chatStorage), but no autostart or persistence mechanisms are established.
No Obfuscation: The code is straightforward and readable, with no string encryption or control flow obfuscation.

Overall, the extension acts as a local interface to AI-powered code assistance within VSCode, handling file content and user selections internally without suspicious operations.

API Calls

API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

API CALLS ARE AVAILABLE FOR ENTERPRISE USERS

Secrets

Any encoded/decoded secrets we managed to find in the source code, git repository, or related files

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

SECRETS ARE AVAILABLE FOR ENTERPRISE USERS

Vulnerabilities

Known vulnerabilities and security issues detected in the extension's dependencies and code.

GHSA-fjxv-7rqg-78g4

form-data uses unsafe random function in form-data for choosing boundary

CVSS:

9.4

GHSA-jr5f-v2jv-69x6

axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL

CVSS:

7.7

GHSA-4hjh-wcwx-xvwj

Axios is vulnerable to DoS attack through lack of data size check

CVSS:

7.5

All vulnerabilities are available for Enterprise users

External communication

Any identifiers we detected that may indicate external communication from the item's code

https://github.com/vuejs/core

extension/media/index.js

https://www.naiveui.com/en-US/os-theme/components/message

extension/media/index.js

https://www.naiveui.com/zh-CN/os-theme/components/message#Q-&-A.

extension/media/index.js

All external communications are available for Enterprise users

Dependencies

Dependencies and third-party libraries used by the extension, including version information and license details.

@types/glob

Version:

Unknown

@types/mocha

Version:

Unknown

@types/node

Version:

Unknown

All dependencies are available for Enterprise users

Licenses & Compliance

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

LICENSES & COMPLIANCE ARE AVAILABLE FOR ENTERPRISE USERS