search

microsoft / vscode-copilot-release

Feedback on GitHub Copilot Chat UX in Visual Studio Code.
https://marketplace.visualstudio.com/items?itemName=GitHub.copilot-chat
Creative Commons Attribution 4.0 International
334 stars 34 forks source link

Malware #2162

Open awestley opened 6 days ago

awestley commented 6 days ago

Type: Bug

This code installed malware.

Extension version: 0.22.0 VS Code version: Code 1.95.0 (Universal) (912bb683695358a54ae0c670461738984cbb5b95, 2024-10-28T20:16:24.561Z) OS version: Darwin arm64 24.1.0 Modes:

System Info |Item|Value| |---|---| |CPUs|Apple M3 Max (16 x 2400)| |GPU Status|2d_canvas: enabled
canvas_oop_rasterization: enabled_on
direct_rendering_display_compositor: disabled_off_ok
gpu_compositing: enabled
multiple_raster_threads: enabled_on
opengl: enabled_on
rasterization: enabled
raw_draw: disabled_off_ok
skia_graphite: disabled_off
video_decode: enabled
video_encode: enabled
webgl: enabled
webgl2: enabled
webgpu: enabled
webnn: disabled_off| |Load (avg)|10, 11, 9| |Memory (System)|128.00GB (52.81GB free)| |Process Argv|--crash-reporter-id bc1cc8be-5be0-47e7-8e62-d2315bb62915| |Screen Reader|no| |VM|0%|
A/B Experiments ``` vsliv368:30146709 vspor879:30202332 vspor708:30202333 vspor363:30204092 vscod805:30301674 binariesv615:30325510 vsaa593cf:30376535 py29gd2263:31024239 vscaat:30438848 c4g48928:30535728 azure-dev_surveyone:30548225 a9j8j154:30646983 962ge761:30959799 pythongtdpath:30769146 pythonnoceb:30805159 asynctok:30898717 pythonmypyd1:30879173 h48ei257:31000450 pythontbext0:30879054 cppperfnew:31000557 dsvsc020:30976470 pythonait:31006305 dsvsc021:30996838 g316j359:31013175 dvdeprecation:31068756 dwnewjupyter:31046869 2f103344:31071589 impr_priority:31102340 nativerepl1:31139838 refactort:31108082 pythonrstrctxt:31112756 wkspc-onlycs-t:31132770 wkspc-ranged-t:31151552 cf971741:31144450 iacca1:31156133 notype1:31157159 5fd0e150:31155592 dwcopilot:31164048 ```
lramos15 commented 6 days ago

Do you have any more context to this allegation?

awestley commented 1 day ago

I used co-pilot to install AWS CLI and it was flagged as malware by my companies endpoint monitoring Cynet AV. In their report it named "/Applications/Visual Studio Code.app/Contents/Frameworks/Code Helper.app/Contents/MacOS/Code Helper" as the source of the installation.

Malware ID: APPL/AVF.Agent.wtwod

I'm afraid I can't share much more than that but if there are other details, please let me know and I'll provide them if allowed.

lramos15 commented 23 hours ago

Do you have the command it gave you for installing the AWS CLI? Was it from a non official source?

awestley commented 23 hours ago

This is the entirety of the "conversation". I think it may have simply been a false positive, the URL looks legit. I'll be talking with Cynet in the next day or so.

awestley: How do I setup up AWS access using boto3?

GitHub Copilot: To set up AWS access using

boto3

, you need to configure your AWS credentials. Here are the steps:

  1. Install boto3 (if not already installed):

    pip install boto3

  2. Configure AWS credentials: You can configure your AWS credentials using the AWS CLI or by manually creating a credentials file.

    Using AWS CLI:

    aws configure

    This command will prompt you to enter your AWS Access Key ID, Secret Access Key, region, and output format.

    Manually creating a credentials file: Create a file at ~/.aws/credentials (on Mac/Linux) or C:\Users\USERNAME\.aws\credentials (on Windows) with the following content:

    [default]
aws_access_key_id = YOUR_ACCESS_KEY_ID
aws_secret_access_key = YOUR_SECRET_ACCESS_KEY

  3. Specify the region: You can specify the region in your code or in the ~/.aws/config file.

    In your code:

    ec2 = boto3.client("ec2", region_name="us-east-2")

    In the config file: Create a file at ~/.aws/config (on Mac/Linux) or C:\Users\USERNAME\.aws\config (on Windows) with the following content:

    [default]
region = us-east-2

After setting up your credentials and region, you should be able to use

boto3

to interact with AWS services.

awestley: how do I install the aws cli on mac?

GitHub Copilot: To install the AWS CLI on a Mac, follow these steps:

  1. Download the AWS CLI installer:

    curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"

  2. Run the installer:

    sudo installer -pkg AWSCLIV2.pkg -target /

  3. Verify the installation:

    aws --version

This should output the version of the AWS CLI installed, confirming that the installation was successful.

awestley: home brew?

GitHub Copilot: To install the AWS CLI using Homebrew on a Mac, follow these steps:

  1. Install Homebrew (if not already installed):

    /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

  2. Install the AWS CLI:

    brew install awscli

  3. Verify the installation:

    aws --version

This should output the version of the AWS CLI installed, confirming that the installation was successful.

awestley: how do I setup aws access with it?

Workspace: To set up AWS access for the script in

view_ec2.py

, you need to configure your AWS credentials. Here are the steps:

  1. Install AWS CLI (if not already installed):

    pip install awscli

  2. Configure AWS CLI: Run the following command and follow the prompts to enter your AWS Access Key ID, Secret Access Key, and default region name:

    aws configure

  3. Verify Configuration: Ensure that your credentials are stored in ~/.aws/credentials and your configuration in ~/.aws/config.

  4. Run the Script: Now you can run your script

view_ec2.py

in your terminal:

    python view_ec2.py

The script uses the

boto3

library, which will automatically pick up the credentials and configuration from the AWS CLI setup.

For more details, you can refer to the AWS CLI Configuration Documentation.

awestley: Where do I get the "AWS Access Key ID"

GitHub Copilot: To get your "AWS Access Key ID" and "AWS Secret Access Key," follow these steps:

  1. Sign in to the AWS Management Console: Go to AWS Management Console and sign in with your AWS account.

  2. Navigate to the IAM Console: In the AWS Management Console, search for "IAM" (Identity and Access Management) and select it.

  3. Create a New User:

    • In the IAM dashboard, click on "Users" in the sidebar.
    • Click the "Add user" button.
    • Enter a username.
    • Select the "Programmatic access" checkbox to grant access via the AWS CLI, SDK, etc.
    • Click "Next: Permissions."

  4. Set Permissions:

    • You can attach existing policies directly or add the user to a group with the necessary permissions.
    • For simplicity, you can attach the "AdministratorAccess" policy (not recommended for production environments).

  5. Complete the Process:

    • Follow the remaining steps to review and create the user.
    • After the user is created, you will see the "AWS Access Key ID" and "AWS Secret Access Key." Make sure to download the .csv file or copy these keys, as you won't be able to see the secret key again.

  6. Configure AWS CLI: Use the keys obtained to configure the AWS CLI:

    aws configure

This will prompt you to enter the "AWS Access Key ID," "AWS Secret Access Key," default region name, and output format.

lramos15 commented 20 hours ago

Yeah everything looks correct here. I think this is falsely attributed to VS Code as well since you're utilizing the built in terminal there.