A self-propagating worm named GlassWorm has been discovered spreading via Visual Studio Code extensions on popular extension marketplaces, targeting developers. The attack leverages blockchain and innovative techniques like invisible Unicode characters to evade detection, aiming to steal credentials and cryptocurrency funds. #GlassWorm #SolanaBlockchain
Keypoints
- GlassWorm is a sophisticated worm that infects VS Code extensions on Open VSX and Microsoft Marketplace.
- The malware uses the Solana blockchain for command-and-control, with Google Calendar as a fallback.
- It employs invisible Unicode characters to conceal malicious code within extensions.
- The attack aims to harvest credentials, drain cryptocurrency wallets, and activate remote control modules.
- Extensions are configured to auto-update, enabling the malware to spread autonomously within the developer ecosystem.
Read More: https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html