[personalcompute]

I think you've got it!

- That commit's date matches the date in the 404media article (July 13th)

- The commit message is totally unrelated to the code (highly suspicious)

- The code itself downloads additional code at runtime (highly highly suspicious)

I have not yet been unable to uncover the code it downloads though. It downloaded code that was hosted in the same repo, https://github.com/aws/aws-toolkit-vscode/, just on the "stability" branch. (downloads a file called "scripts/extensionNode.bk") The "stability" branch presumably was a branch created by the attacker, and has presumably since been deleted by Amazon.

[personalcompute]

Update: I've uncovered the attacker's commit to the now-deleted "stability" branch that includes the offending prompt, it's https://github.com/aws/aws-toolkit-vscode/commit/1294b38b7fa.... (Archive: https://archive.md/s9WnJ)

[rusteh1]

I'm not a git expert, but how was the attacker able to push the stability branch directly to the Amazon owned repo? The PR would have been to merge the modified branch to main right?

[shdjhdfh]

My guess is that skywhopper is correct. We're only able to see the tail end of the attack, but the repo was likely compromised in some way.

[wunderwuzzi23]

AWS issued a post and they talk about revoking and replacing a credential.

So maybe the hacker was able to directly push?

https://aws.amazon.com/security/security-bulletins/AWS-2025-...

[unitof]

Joseph's 404 article quotes the hacker as saying they "got admin privileges on a silver platter," so I think this is it: first part of the breach was gaining the GitHub permission to create a branch. Possibly just by asking.