aws-toolkit-vscode
Malicious script injected into Amazon Q Developer for Visual Studio
A threat actor exploited an inappropriately scoped GitHub token in the extension's CodeBuild configuration to commit malicious code into the open-source repository. This code was automatically included in the version 1.84.0 release. Fortunately, the malicious code failed to execute due to a syntax error.
- Date
- 2025-07-25
- Category
- Open Source
- Target Surface
- Distribution
- Insertion Phase
- source
- Impact
- None
- Cause
- Compromised Credentials
What Was Affected
Package
aws-toolkit-vscode
LanguageTypeScript
ComponentPlugin
Artifact typeextension
Domain typepackage host
Domain
marketplace.visualstudio.com
Repository
github.com/aws/aws-toolkit-vscode
Compromised Versions
Incident Context
- Motive
- Malicious
- Attribution
- Third Party
- Transitive
- No
- User Impact
- 0
- Observed Duration
- 0 days
Indicators and Changes
Hashes
sha256:47f7840ecab6312d2733e1274c513050405886c70f2037fb2f1e9099872b0464
External References
Source Data
Source record: oss/aws-toolkit-vscode/meta.yaml