The GlassWorm malware campaign has reemerged, infecting new VSCode extensions on OpenVSX with updated infrastructure to target global systems. This persistent threat continues to exploit platform vulnerabilities to steal credentials and cryptocurrency data. #GlassWorm #OpenVSX #VSCodeExtensions #Solana
Key points
- GlassWorm initially impacted 12 extensions on VS Code and OpenVSX marketplaces.
- The malware uses invisible Unicode characters to hide and execute malicious JavaScript code.
- Recent resurgence involves three new extensions on OpenVSX with over 9,800 downloads in total.
- The threat operators are Russian-speaking, use the RedExt C2 framework, and have updated their C2 endpoints.
- Global victims include systems across multiple continents, with law enforcement notified of the exposed data.