Destructive AI prompt published in Amazon Q extension
Briefly

The Amazon Q extension for Visual Studio Code was compromised for two days, allowing a malicious script to delete user files and AWS resources. A hacker contacted a media outlet, claiming the aim was to embarrass AWS over security failures rather than to cause immediate damage. The bad commit introduced in version 1.84 included commands designed to wipe files from the user's home directory and to access AWS profiles to delete resources. The hacker purportedly submitted a pull request from a random account and was given admin credentials by AWS without due diligence. AWS later issued a security bulletin addressing the incident.
The official Amazon Q extension for Visual Studio Code was compromised to include a prompt to wipe the user's home directory and delete all their AWS resources.
A person presenting themselves as the hacker claimed that the wiper was designed to be defective, serving as a warning about AWS's security issues.
The hacker's pull request to the AWS repository was submitted from a random account, which resulted in AWS unintentionally granting admin credentials.
AWS unknowingly merged the bad commit and released the compromised package of the extension; the commit was reverted in the following version.
Read at The Register