An attacker was able to compromise version 1.84.0 of the Amazon Q VS Code extension by committing malicious code to its GitHub repository, according to a story by @404mediaco.
The compromised version has been removed and is no longer available. According to Amazon, no users have been impacted.
The attacker’s code adds a function to the VS Code extension that invokes Amazon’s Q CLI tool with a malicious prompt. The Q CLI allows developers to interact with ML models directly from the terminal. The malicious prompt asks the AI agent in use to produce commands that wipe the machine on which it’s running, using bash commands, as well as cloud resources.
This attack vector illustrates the growing sophistication of supply chain attacks. AI agents are more prevalent than ever, and in combination with IDE extensions they can be leveraged to target different stages of the software development life cycle.
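
A review check for the pattern described above, as an added example that is not from the original story or from Amazon's code: it scans extension JavaScript for Node `child_process` calls that launch an agent CLI or carry a long embedded string. The binary name `q`, the 80-character threshold, the function names and the sample source are assumptions made for illustration.

```javascript
// Added example. Node child_process APIs that start another program.
const SPAWN_APIS = ['execFileSync', 'execFile', 'execSync', 'exec', 'spawnSync', 'spawn'];
const STRING_RE = /(["'`])((?:\\.|(?!\1)[^\\])*)\1/gs;

// Text between the "(" at openIdx and its matching ")", ignoring parens inside strings.
function callArgs(src, openIdx) {
  let depth = 0, quote = null;
  for (let i = openIdx; i < src.length; i++) {
    const c = src[i];
    if (quote) {
      if (c === '\\') i++;                 // skip the escaped character
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'" || c === '`') quote = c;
    else if (c === '(') depth++;
    else if (c === ')' && --depth === 0) return src.slice(openIdx + 1, i);
  }
  return src.slice(openIdx + 1);           // unbalanced input: take the rest
}

// Report spawn calls whose command is a listed agent CLI or that embed a long string.
function findAgentInvocations(src, cliNames, promptMinLen = 80) {
  const callRe = new RegExp('\\b(' + SPAWN_APIS.join('|') + ')\\s*\\(', 'g');
  const findings = [];
  for (const m of src.matchAll(callRe)) {
    const args = callArgs(src, m.index + m[0].length - 1);
    const lits = [...args.matchAll(STRING_RE)].map((s) => s[2]);
    const cmd = (lits[0] || '').trim().split(/\s+/)[0];   // first word of first literal
    const longest = lits.reduce((n, s) => Math.max(n, s.length), 0);
    const runsAgent = cliNames.includes(cmd);
    if (runsAgent || longest >= promptMinLen) {
      const line = src.slice(0, m.index).split('\n').length;
      findings.push({ line, api: m[1], cmd, runsAgent, longest });
    }
  }
  return findings;
}

// Constructed sample, not the code from the incident. PROMPT is an identifier, no prompt text.
const SAMPLE = [
  "const cp = require('child_process');",
  "function version() { return cp.execSync('git --version').toString(); }",
  "function helper() {",
  "  cp.spawn('q', [PROMPT]);   // assumed binary name for the agent CLI",
  "}",
].join('\n');

console.log(findAgentInvocations(SAMPLE, ['q']));
```

The check is a text heuristic for diff review, so it misses commands assembled at runtime; a finding is a prompt to read the call, not a verdict.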