Releases: DataDog/IDE-SHEPHERD-extension
Release list
Release v3.1.2
Detection — Miasma Supply-Chain Worm (June 2026)
Three new rules targeting the TTPs newly observed in the Miasma worm campaign (TeamPCP, June 5 2026), which compromised 73 Microsoft repositories by planting IDE/AI-agent config files that auto-execute a credential-harvesting payload on folder open or agent session start.
task_node_hidden_dir_script(High) — task rule: matchesnode .github/setup.js— the Miasma worm execution command fired via afolderOpentaskwrite_ai_agent_config_miasma_setupjs(High) — FS write rule: fires when both (1) the destination is.claude/settings.json,.gemini/settings.json, or.cursor/rules/*.mdcand (2) the written content containsnode .github/setup.js; targets the SessionStart hook andalwaysApplyprompt-injection persistence mechanism; the dual-signal requirement prevents false positives from legitimate AI coding-agent config managementmalware_download_domains— extended with Miasma C2 domains:git-service.com(May 2026 PyPI wave) andm-kosche.com(June 2026 Azure wave)
Infrastructure
- Content-pattern scanning for FS write rules —
FsRulenow accepts an optionalcontentPattern?: RegExp; when set,FsAnalyzergates rule firing on both the normalized file path and the written payload. Write data (string orBuffer) is decoded up to 64 KB before matching; content is intentionally excluded fromFsEvent.toJSON()so it is never emitted in telemetry or logs. All sixfswrite/append call sites (writeFile,appendFile, and their sync and promise variants) extract and forward the write payload to the analyzer.
Release v3.1.1
Features
vscode.tasks.executeTaskinstrumentation — patchesexecuteTaskon the sharedvscodemodule object so extension-initiated tasks are blocked before VS Code queues them, closing the gap left byonDidStartTaskwhich fires only after execution begins- What's New page — opens on first install and on each version update, pulling release notes from the bundled
CHANGELOG.md; shown at most once per version per installation via a versioned marker file in the extension directory
Detection
task_npx_auto_approve_remote(High) —npxwith-y/--yesand agithub:package specifierstealth_task_remote_install(High) — hidden task (presentationOptions.focus = false) combined with auto-confirmed remote npx install; requires both signals to fire
Bug Fixes
- Oversized bundle tail scan — files between 1 MB and 25 MB now have their last 100 KB scanned; the previous 1 MB hard cap silently skipped these files entirely
- Source rule false positives —
download_and_executenow requires a temp-directory reference as a third signal;reverse_shellnow requires a shell binary literal (/bin/sh,cmd.exe, etc.) rather than any exec/spawn call - What's New page not shown after Cursor auto-update — Cursor updates extensions in-place, preserving existing files in the extension directory. The previous marker-based check (file presence only) meant the page was silently skipped after every Cursor update. The marker file now stores the version string; the page shows whenever the stored version differs from the current one.
- Telemetry disabled and agent "Pending Restart" after update
Release v3.1.0
Features
vscode.tasks.executeTaskinstrumentation — patchesexecuteTaskon the sharedvscodemodule object so extension-initiated tasks are blocked before VS Code queues them, closing the gap left byonDidStartTaskwhich fires only after execution begins- What's New page — opens on first install and on each version update, pulling release notes from the bundled
CHANGELOG.md; shown at most once per install via a marker file in the extension directory
Detection
task_npx_auto_approve_remote(High) —npxwith-y/--yesand agithub:package specifierstealth_task_remote_install(High) — hidden task (presentationOptions.focus = false) combined with auto-confirmed remote npx install; requires both signals to fire
Bug Fixes
- Oversized bundle tail scan — files between 1 MB and 25 MB now have their last 100 KB scanned; the previous 1 MB hard cap silently skipped these files entirely
- Source rule false positives —
download_and_executenow requires a temp-directory reference as a third signal;reverse_shellnow requires a shell binary literal (/bin/sh,cmd.exe, etc.) rather than any exec/spawn call
Release v3.0.0
Feature Release
- File system monitoring — Patches
fs.readFile,fs.writeFile,fs.appendFile(sync, callback, and promise variants) to detect and block access to sensitive files. Adds 15 detection rules across read/write targets covering SSH keys, cloud credentials, shell history, persistence locations (cron, launchd, authorized_keys, hosts file, shell profiles), with cross-platform Windows path support
New Features
-
Static source analysis (beta) — IDE Shepherd now scans every
.jsfile inside an extension's directory (includingnode_modules) for known attack primitives at the TTP level. Four rules are included in the initial release:download_and_execute(Medium) — detects co-occurrence of HTTP fetch primitives and process execution callsreverse_shell(High) — detects TCP socket creation combined with process execution, a signature of reverse shell setupeval_dynamic_payload(High) — detectsevalornew Functionapplied to a base64/encoded payloaddetached_unref_pattern(Medium) — detectsdetached: truewith.unref()used to launch a persistent background process
-
Retroactive module patching — the module loader hook is now installed as the very first operation during extension activation, before any service initialization, minimizing the window in which another extension's early
require()can bypass instrumentation. Cached modules are also patched in-place at startup. -
New process monitoring rules — two additional rules added to the child process interceptor:
windows_script_host(High) — flags execution viacscript,wscript, ormshta, which are never used by legitimate VS Code extensionsdetached_silent_process(High) — flags processes spawned withdetached: trueandstdio: 'ignore', a common payload-delivery pattern
Release v2.0.2
What's Changed
Version bumped from 2.0.1 to 2.0.2
Installation
Download the .vsix file from the assets below and install it in VS Code using:
- Command Palette:
Extensions: Install from VSIX... - Or drag and drop the file into the Extensions view
Release v2.0.1
What's Changed
Version bumped from 2.0.0 to 2.0.1
Installation
Download the .vsix file from the assets below and install it in VS Code using:
- Command Palette:
Extensions: Install from VSIX... - Or drag and drop the file into the Extensions view
Release v2.0.0
What's Changed
- Tasks monitoring and detection rules
- Improved UI
- reduced false positive alerts
- OCSF resources logging fix
Installation
Download the .vsix file from the assets below and install it in VS Code/Cursor using:
code/cursor --install-extension path/to/.vsix
Release v1.3.0
What's Changed
Version bumped from 1.2.2 to 1.3.0
Installation
Download the .vsix file from the assets below and install it in VS Code using:
- Command Palette:
Extensions: Install from VSIX... - Or drag and drop the file into the Extensions view
Release v1.2.2
What's Changed
Minor hotfix for the activity bar icon :)
Version bumped from 1.2.1 to 1.2.2
Installation
Download the .vsix file from the assets below and install it in VS Code using:
- Command Palette:
Extensions: Install from VSIX... - Or drag and drop the file into the Extensions view
Release v1.2.1
What's Changed
Version bumped from 1.2.0 to 1.2.1
Installation
Download the .vsix file from the assets below and install it in VS Code using:
- Command Palette:
Extensions: Install from VSIX... - Or drag and drop the file into the Extensions view