Can You Trust that Verified Symbol? Exploiting IDE Extensions is Easier Than it Should Be
www.ox.security/can-you-t…

Integrated Development Environments (IDEs) play a major role in today’s programming landscape. They provide comprehensive environments in which programmers can write, test, and debug code efficiently. However, OX’s research, conducted in May and June 2025, reveals critical security vulnerabilities in how popular IDEs handle extension verification.

To test our theory, the OX research team created malicious extensions for three of the most popular IDEs: Visual Studio Code, Visual Studio, and IntelliJ IDEA. At the start of our test, all three extensions appeared to be verified and trustworthy, presented with the original packaging, including the number of downloads, user ratings, and the blue “verified” symbol.
