A sophisticated supply chain attack using the GlassWorm malware targets Visual Studio Code developers through compromised extensions in the OpenVSX marketplace. The malware employs complex stealth techniques, blockchain-based command-and-control infrastructure, and credential theft to spread and maintain persistence.
Key points
- GlassWorm is a self-propagating malware targeting Visual Studio Code extensions.
- The malware steals credentials from NPM, GitHub, and other sources, and drains cryptocurrency funds.
- It uses Unicode variation selectors to hide malicious code from human reviewers and static analysis tools.
- GlassWorm leverages the Solana blockchain and Google Calendar for resilient command-and-control infrastructure.
- Over 35,800 installations of infected extensions have occurred, spreading malware silently across developer environments.
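The variation-selector hiding described in the key points can be checked for mechanically. The following is an added example, not code from the article or from any vendor's tooling: it scans source text for code points in the two Unicode variation-selector blocks and marks runs of two or more as suspicious. The function names, the run-length threshold and the sample input are assumptions made for illustration.

```javascript
// Added example: flag Unicode variation selectors in source text.
// Ranges are from the Unicode Standard: VS1-VS16 and VS17-VS256.
const VS_RANGES = [
  [0xfe00, 0xfe0f],
  [0xe0100, 0xe01ef],
];

function isVariationSelector(cp) {
  return VS_RANGES.some(([lo, hi]) => cp >= lo && cp <= hi);
}

// Returns one finding per run of consecutive variation selectors.
// A legitimate variation sequence is one base character plus ONE selector,
// so runs of two or more are marked suspicious (assumed heuristic threshold).
function findVariationSelectorRuns(source, suspiciousRunLength = 2) {
  const findings = [];
  source.split(/\r\n|\r|\n/).forEach((text, idx) => {
    // Array.from iterates by code point, so astral selectors count as one.
    const cps = Array.from(text, (ch) => ch.codePointAt(0));
    let i = 0;
    while (i < cps.length) {
      if (!isVariationSelector(cps[i])) { i += 1; continue; }
      const start = i;
      while (i < cps.length && isVariationSelector(cps[i])) i += 1;
      const run = cps.slice(start, i);
      findings.push({
        line: idx + 1,
        column: start + 1, // 1-based, counted in code points
        length: run.length,
        codePoints: run.map((cp) => "U+" + cp.toString(16).toUpperCase()),
        suspicious: run.length >= suspiciousRunLength,
      });
    }
  });
  return findings;
}

// Constructed sample: a benign emoji sequence, then a string literal that
// renders as empty but carries four invisible selectors.
const SAMPLE = [
  'const ok = "\u2764\uFE0F";',
  'const blob = "' + String.fromCodePoint(0xfe00, 0xe0100, 0xe0101, 0xfe01) + '";',
].join("\n");

for (const f of findVariationSelectorRuns(SAMPLE)) {
  console.log(`${f.line}:${f.column} len=${f.length} suspicious=${f.suspicious}`, f.codePoints.join(" "));
}
```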
Read More: https://www.securityweek.com/supply-chain-attack-targets-vs-code-extensions-with-glassworm-malware/