Pokemon Vibe Code Attack Warning Issued — What You Need To Know

ByDavey Winder,

Senior Contributor.

So far this month, I have reported on active Windows hack attacks, 300 million stolen credentials that are being traded on the dark web, and a magic code that just might save you a fortune if your smartphone gets stolen. What I didn’t expect to be writing about, as a cybersecurity geek, was Pokemon. Or, for that matter, vibe coding, as neither exactly floats my professional interest boat. But here we are, and here’s the news that vibe coders are abusing the AI-powered programming sensation to create malware posing as, among other things, Pokemon coding themes. Here’s what you need to know.

Downloaded hundreds of times before they were removed from the VS Code marketplace, the malicious extensions posed as “tools tailored for developers with AI vibe coders.” VS Code is the free code editor from Microsoft that is “a go-to choice for programmers,” Ernestas Naprys from Cybernews said in reporting the issue.

John Tuckner, founder of malicious software extensions protection outfit, Secure Annex, first warned of the dangers in an October 31 posting detailing how a total of five malicious extensions were published to the marketplace. Of the Pokemon theme extension, Tuckner said that “sadly, the extension only downloads malware instead of even changing highlighting syntax or showing Pikachu when you hover functions.”

Pokemon Vibe Code Attack Warning Issued — What You Need To Know

Other newsrooms on this story

Related reading

Major 'vibe-coding' platform Orchids is easily hacked, researcher finds

The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare

Vibe coding: quando programmare diventa accettare senza capire

Vibe Coding Is the New Open Source—in the Worst Way Possible

Vibe coding has turned senior devs into ‘AI babysitters,’ but they say it’s…

PayPal Users Warned ‘Do Not Pay, Do Not Phone’ As Attackers Strike