{"id":"MAL-2026-2230","summary":"Malicious code in aquasecurityofficial.trivy-vulnerability-scanner (VSCode:https://open-vsx.org)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: google-open-source-security (b6cab1dae06f51e2aaa57704d8374b6882440070d0796e7b719a85e6f803888b)\nThis extension is a compromised version of the offical Trivy VSCode extension\navailable on the Microsoft Marketplace. Versions 1.8.11 and earlier\nuploaded to OpenVSX are non-malicious. Malicious behavior was added in v1.8.12\nand further refined in v1.8.13.\n\nThe extension attempts to run various AI tools with a prompt designed to\ngather sensitive information, and publish it via a GitHub repository.\n","modified":"2026-03-26T04:47:00.176389Z","published":"2026-03-26T04:00:51Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-03-26T04:01:36.072549Z","source":"google-open-source-security","modified_time":"2026-03-26T04:00:51Z","sha256":"b6cab1dae06f51e2aaa57704d8374b6882440070d0796e7b719a85e6f803888b","versions":["1.8.12","1.8.13"]}]},"references":[{"type":"ARTICLE","url":"https://socket.dev/blog/unauthorized-ai-agent-execution-code-published-to-openvsx-in-aqua-trivy-vs-code-extension"}],"affected":[{"package":{"name":"aquasecurityofficial.trivy-vulnerability-scanner","ecosystem":"VSCode:https://open-vsx.org"},"versions":["1.8.12","1.8.13"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/vscode:open-vsx.org/aquasecurityofficial.trivy-vulnerability-scanner/MAL-2026-2230.json"}}],"schema_version":"1.7.5"}