Malicious VS Code Extension Exposes 3,800 GitHub Private Repos, Hacker Sells Code for $50K

On May 20, GitHub publicly admitted that an attacker stole about 3,800 internal private repositories by exploiting a malicious VS Code extension installed on a GitHub employee’s workstation. The stolen code was put up for sale on a dark‑web forum with a starting price of $50,000.

The extension appeared to be a legitimate, highly‑rated VS Code add‑on from the official marketplace with a large download count. In reality, the hacker group known as TeamPCP had hijacked the extension’s publishing pipeline and injected malicious code into the release.

When the employee clicked “Install”, the hidden payload executed silently, harvesting a range of credentials from the machine—SSH keys, cloud‑service tokens, password‑manager data, and other secrets. These credentials acted as a “master key” that granted the attackers access to GitHub’s internal private repositories.

Using the stolen keys, TeamPCP performed rapid lateral movement, cloning the approximately 3,800 private repos that contained core source code, deployment scripts, and internal configuration assets. GitHub’s security team did not notice the breach initially; they only became aware after TeamPCP announced the theft on the BreachForums dark‑web forum.

TeamPCP posted a public listing on the old LimeWire P2P site, offering a partial inventory of the compromised repositories for verification by potential buyers. Their message emphasized that the leak was not a ransom—if a buyer appeared they would sell the data, otherwise they would release it for free.

The same group had previously used the same supply‑chain poisoning technique against the popular Nx Console VS Code extension, which was live for only 18 minutes before being removed, yet still infected thousands of developers. Earlier attacks also targeted tools such as Trivy, Axios, and TanStack Router, stealing credentials for Kubernetes, npm, AWS, 1Password, private keys, and GitHub itself.

TeamPCP’s attack workflow can be summarized in four steps:

Selection : Choose a widely‑used, reputable open‑source tool or extension.

Poisoning : Compromise the maintainer’s account or exploit the update process to inject malicious code.

Release : Publish the malicious version and conduct a short, high‑volume “saturation” attack lasting minutes to infect as many users as possible.

Harvest : The payload runs silently on victim machines, stealing credentials for later lateral movement and deep intrusion.

Shaun Brown of Akido Security notes, “These are not obscure packages from unknown publishers; they are tools with high install counts, verified publisher badges, and marketplace legitimacy. High install volume means high‑value intrusion, and a verified publisher means developers won’t hesitate to install.”

The incident shatters the long‑standing assumption that code from official marketplaces or popular open‑source libraries is inherently safe. Every plugin, library, or extension now represents a potential “time bomb” that could compromise the entire software development ecosystem.

GitHub’s breach serves as a stark reminder that software supply‑chain security is an ever‑present sword hanging over developers, demanding rigorous verification of all third‑party components.