AWS merges malicious PR into Amazon Q

34 QuinnyPig 16 7/23/2025, 7:28:02 PM lastweekinaws.com ↗

Comments (16)

Kiboneu · 1h ago
Copy-on-write filesystems should be the norm.

Another article came out earlier about dataloss from some vibecoding project and an automated snapshot setup would have mitigated this very issue.

huey77 · 3h ago
blibble · 4h ago
I guess they put their AI in charge of code review?
skywhopper · 6h ago
I’m curious exactly what happened here. The 404media article isn’t detailed enough to be sure. My guess is the PR took advantage of some code injection possibilities in the GitHub Actions on the repo to grant the attacker admin access. But that’s a wild guess.
gruez · 3h ago
>My guess is the PR took advantage of some code injection possibilities in the GitHub Actions on the repo to grant the attacker admin access. But that’s a wild guess.

Someone below mentioned the offending commit[1], which seems to be a doppelganger of another commit[2]. Maybe the exact commit message broke the automation?

[1] https://github.com/aws/aws-toolkit-vscode/commit/678851bbe97...

[2] https://github.com/aws/aws-toolkit-vscode/commit/d1959b99684...

QuinnyPig · 5h ago
Exactly my position. I can’t realistically assess the potential scope of damage without a proper disclosure from AWS’s normally-excellent security team.
shdjhdfh · 5h ago
Your article breathlessly blames AWS for being reckless while having no real facts about the compromise. The whole thing reads like click bait.
QuinnyPig · 3h ago
You’re absolutely right that we don’t have a complete postmortem—and that’s exactly the problem.

I’d love to have real facts from AWS about the full scope of this incident. But instead of a disclosure, we got a version quietly pulled from the VS Code extension marketplace, no CVE, no changelog note, and a statement that reads like it was pre-approved by legal and sanitized with a pressure washer.

When a malicious prompt that attempts to wipe both local and cloud resources makes it into a shipping release of a tool that’s been installed nearly a million times, I don’t think “hey maybe we should talk about this” qualifies as breathless or clickbait. It qualifies as basic scrutiny.

And yes, I’ve praised AWS’s security posture before. I’d still prefer they lead with transparency instead of hoping no one notices the /tmp/CLEANER.LOG.

txcwpalpha · 1h ago
Nah, the parent commenter is right - your post is just ragebait/clickbait.

The parent commenter didn't ask for a postmortem, they said your post lacks facts. And it does. You don't even attempt to answer your own questions - did this affect anyone? Have you heard from any of your many contacts that use AWS if they were affected by this? Did you put forth any effort to ask? Or are you just jumping up and down screaming "the sky is falling"? Hell, even the hacker themselves told 404media that they don't think it actually would have deleted anything - do you think differently? Why?

You criticize a lot about the Git repo, and yet you didn't even bother to go look at the repo and find the relevant commits (they're there - they were not deleted, it wasn't "vanished", they're literally still there in the commit log). If you had looked at them and provided even a cursory summary of the commits and how it happened, it would've made your article considerably more valuable.

Your entire section criticizing AWS's message that "no customers were impacted" is also senseless. Surely you know more than most that AWS doesn't rely on some local log file for this type of stuff - the Q service itself logs calls to it, the VSCode extension includes telemetry, VSCode itself has telemetry, and Microsoft also have logs about how many people and who downloaded that version of the extension. There's likely countless amounts of logs on this stuff - and again, there's no reports of anyone saying they got popped by it. Do you know otherwise? If so, say so.

This was a failing of security on AWS's part, and that sucks. But 404media already covered that - your blog post is just spam trying to take advantage of it, and doesn't add any actual value or facts to the conversation. I know you see yourself as a "prolific shitposter", but this article was even below your typical shitposting standard.

shdjhdfh · 5h ago
The prompt 404 quotes in the article doesn't appear to exist anywhere in the git history for the repo they point to. It seems unlikely that Amazon would rewrite git history to hide this. Maybe the change was in a repo pulled in as a dependency.
shdjhdfh · 5h ago
Ah, I think it might have been this, which was reverted and seems to have been pushed directly to master: https://github.com/aws/aws-toolkit-vscode/commit/678851bbe97...
personalcompute · 5h ago
I think you've got it!

- That commit's date matches the date in the 404media article (July 13th)

- The commit message is totally unrelated to the code (highly suspicious)

- The code itself downloads additional code at runtime (highly highly suspicious)

I have not yet been unable to uncover the code it downloads though. It downloaded code that was hosted in the same repo, https://github.com/aws/aws-toolkit-vscode/, just on the "stability" branch. (downloads a file called "scripts/extensionNode.bk") The "stability" branch presumably was a branch created by the attacker, and has presumably since been deleted by Amazon.
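
Added example, not part of the thread and not code from the repository: a review-time check for the pattern described in the comment above, where a change fetches a file from a branch (a mutable ref) instead of a pinned commit. The URL shapes, the `example-org/example-repo` names and the sample diff are constructed assumptions; the actual commit's code is not reproduced here.

```javascript
// Constructed sample diff (illustrative only, not the commit discussed in the thread).
const SAMPLE_DIFF = [
  'diff --git a/scripts/package.ts b/scripts/package.ts',
  '--- a/scripts/package.ts',
  '+++ b/scripts/package.ts',
  '@@ -10,3 +10,6 @@',
  ' const outDir = "dist"',
  '+const a = "https://raw.githubusercontent.com/example-org/example-repo/stability/scripts/extensionNode.bk"',
  '+const b = "https://raw.githubusercontent.com/example-org/example-repo/0123456789abcdef0123456789abcdef01234567/scripts/build.js"',
  '+const c = "https://github.com/example-org/example-repo/raw/refs/heads/stability/scripts/x.js"',
  ' build(outDir)',
].join('\n');

// Raw-file URLs on GitHub: host, owner, repo, then "<ref>/<path>" (or "raw/<ref>/<path>").
const RAW_URL = /https:\/\/(raw\.githubusercontent\.com|github\.com)\/([\w.-]+)\/([\w.-]+)\/([^\s"'`)]+)/g;
const FULL_SHA = /^[0-9a-f]{40}$/; // only a full commit SHA is treated as immutable

// Extract the git ref from the part of the URL after owner/repo.
function refOf(host, rest) {
  let parts = rest.split('/');
  if (host === 'github.com') {
    if (parts[0] !== 'raw') return null; // not a raw-file URL (e.g. /commit/, /blob/)
    parts = parts.slice(1);
  }
  return parts[0] === 'refs' ? parts.slice(0, 3).join('/') : parts[0];
}

// Walk a unified diff and report added lines that fetch from a branch or tag.
function findUnpinnedFetches(diffText) {
  const findings = [];
  let file = null, lineNo = 0;
  for (const line of diffText.split('\n')) {
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)/.exec(line);
    if (line.startsWith('+++ ')) { file = line.slice(4).replace(/^b\//, ''); continue; }
    if (hunk) { lineNo = Number(hunk[1]); continue; }
    if (line.startsWith('-')) continue; // removed lines and the '---' file header
    if (line.startsWith('+')) {
      for (const m of line.matchAll(RAW_URL)) {
        const ref = refOf(m[1], m[4]);
        if (ref && !FULL_SHA.test(ref)) findings.push({ file, line: lineNo, ref });
      }
    }
    if (line.startsWith('+') || line.startsWith(' ')) lineNo++; // new-file line counter
  }
  return findings;
}

console.log(findUnpinnedFetches(SAMPLE_DIFF));
```

Tags and abbreviated SHAs are reported as well, since neither guarantees the fetched content stays the same after review.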

personalcompute · 2h ago
Update: I've uncovered the attacker's commit to the now-deleted "stability" branch that includes the offending prompt, it's https://github.com/aws/aws-toolkit-vscode/commit/1294b38b7fa.... (Archive: https://archive.md/s9WnJ)
rusteh1 · 3h ago
I'm not a git expert, but how was the attacker able to push the stability branch directly to the Amazon owned repo? The PR would have been to merge the modified branch to main right?
shdjhdfh · 2h ago
My guess is that skywhopper is correct. We're only able to see the tail end of the attack, but the repo was likely compromised in some way.
shdjhdfh · 5h ago
Another thing to note, the AI angle on this is nonsensical. The commit could have just as easily done many other negative things to the system without AI as a layer of indirection.