Malicious Behavior in trying to request access to a lot of my system (macOS)

[MaxDusdal]

Type: Bug

Description:
Over the past few hours, I've observed an concerning pattern with VSCode requesting permissions:

Frequency: VSCode is asking for new permissions repeatedly, but not all at once. These requests are spread out over large time intervals.
Escalation: The nature of these permissions is becoming increasingly intrusive. Recent requests include:

Permission to view reminders
Access to data from other applications
Access to folders unrelated to VSCode's normal operations

Atypical Requests: These permission requests are unusual for VSCode and seem outside its standard functionality.
Potential Malware: I suspect that one of my extensions may contain malware, given the nature of these permission requests.

Request:
If this is a known bug in VSCode, please address it urgently. If not, I would appreciate guidance on how to investigate and resolve this issue, as it poses significant security concerns.

VS Code version: Code 1.92.2 (Universal) (fee1edb, 2024-08-14T17:29:30.058Z)
OS version: Darwin arm64 23.4.0
Modes:

System Info

Item	Value
CPUs	Apple M2 (8 x 2400)
GPU Status	2d_canvas: enabled canvas_oop_rasterization: enabled_on direct_rendering_display_compositor: disabled_off_ok gpu_compositing: enabled multiple_raster_threads: enabled_on opengl: enabled_on rasterization: enabled raw_draw: disabled_off_ok skia_graphite: disabled_off video_decode: enabled video_encode: enabled webgl: enabled webgl2: enabled webgpu: enabled webnn: disabled_off
Load (avg)	22, 9, 7
Memory (System)	8.00GB (0.12GB free)
Process Argv	--crash-reporter-id 614f7dcd-3287-4d97-8cf6-e480cc0e1d5f
Screen Reader	no
VM	0%

Extensions (38)

Extension	Author (truncated)	Version
better-comments	aar	3.0.2
Handlebars	and	0.4.1
vscode-tailwindcss	bra	0.12.10
es7-react-js-snippets	dsz	4.4.3
vscode-html-css	ecm	2.0.10
prettier-vscode	esb	11.0.0
auto-rename-tag	for	0.1.10
vscode-pull-request-github	Git	0.94.0
todo-tree	Gru	0.0.226
GitHubIssues	Hoo	0.1.2
latex-workshop	Jam	10.2.1
i18n-ally	lok	2.12.0
dotenv	mik	1.0.1
mongodb-vscode	mon	1.8.1
theme-monokai-pro-vscode	mon	1.3.2
vscode-docker	ms-	1.29.2
remote-containers	ms-	0.380.0
remote-ssh	ms-	0.113.1
remote-ssh-edit	ms-	0.86.0
remote-explorer	ms-	0.4.3
test-adapter-converter	ms-	0.1.9
vscode-jest	Ort	6.2.5
material-icon-theme	PKi	5.10.0
java	red	1.34.0
snyk-vulnerability-scanner	sny	2.18.1
supermaven	Sup	1.1.8
ayu	tea	1.0.5
intellicode-api-usage-examples	Vis	0.2.8
vscodeintellicode	Vis	1.3.1
vscode-gradle	vsc	3.16.4
vscode-java-debug	vsc	0.58.0
vscode-java-dependency	vsc	0.24.0
vscode-java-pack	vsc	0.29.0
vscode-maven	vsc	0.44.0
vscode-icons	vsc	12.8.0
JavaScriptSnippets	xab	1.8.0
pretty-ts-errors	Yoa	0.6.0
material-theme	zhu	3.17.2

(3 theme extensions excluded)

A/B Experiments

vsliv368:30146709
vspor879:30202332
vspor708:30202333
vspor363:30204092
vscod805:30301674
binariesv615:30325510
vsaa593cf:30376535
py29gd2263:31024239
c4g48928:30535728
azure-dev_surveyone:30548225
a9j8j154:30646983
962ge761:30959799
pythongtdpath:30769146
welcomedialogc:30910334
pythonnoceb:30805159
asynctok:30898717
pythonregdiag2:30936856
pythonmypyd1:30879173
2e7ec940:31000449
pythontbext0:30879054
accentitlementsc:30995553
dsvsc016:30899300
dsvsc017:30899301
dsvsc018:30899302
cppperfnew:31000557
dsvsc020:30976470
pythonait:31006305
dsvsc021:30996838
9c06g630:31013171
a69g1124:31058053
dvdeprecation:31068756
dwnewjupytercf:31046870
impr_priority:31102340
nativerepl1:31104043
refactort:31108082
pythonrstrctxt:31112756
flighttreat:31119336
wkspc-onlycs-t:31111718
wkspc-ranged-c:31125598
fje88620:31121564
aajjf12562:31125793

[gjsjohnmurray]

Do you know about the Start Extension Bisect command?

[nsprenkle]

I'm seeing something similar with version 1.93 (though I won't claim that is is malicious).

On MacOS, the system prompt "VS Code would like to access data from other apps" is showing up way more than usual. I am used to it showing up maybe once after restarting the app, but now it asks dozens of times right in a row.

[bpasero]

/duplicate #208105

[vs-code-engineering]

Thanks for creating this issue! We figured it's covering the same as another one we already have. Thus, we closed this one as a duplicate. You can search for similar existing issues. See also our issue reporting guidelines.

Happy Coding!