The Glassworm malware campaign has re-emerged on extension marketplaces for VS Code, infecting new packages with malicious code designed to steal sensitive information and maintain stealthy remote access. Despite efforts to contain it, the malware returns with new techniques, including Rust-based implants, and manipulates search results to appear trustworthy. #Glassworm #OpenVSX #VisualStudioMarketplace
Key points
- Glassworm is a malware campaign targeting VS Code extension repositories.
- The malware uses invisible Unicode characters to hide malicious code from review.
- It steals account credentials for GitHub, npm, and OpenVSX, as well as cryptocurrency data.
- The campaign re-emerges with new extensions and tactics that fake popularity.
- Recent versions incorporate Rust-based implants and sophisticated obfuscation techniques.
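
One way to check extension source for the hidden-character technique listed above, as an added example that is not from the original page: it reports runs of code points that draw no glyph, which a diff or code review would not show. The set of code points treated as invisible, the `min_run` threshold and the sample input are assumptions; the page does not say which characters Glassworm uses.

```python
import unicodedata


def is_invisible(ch):
    """True for code points that normally render as nothing (assumed set)."""
    cp = ord(ch)
    # Variation selectors are category Mn but have no glyph of their own.
    if 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF:
        return True
    # Cf = format characters (zero-width, tags, BOM); Co = private use.
    return unicodedata.category(ch) in ("Cf", "Co")


def find_invisible_runs(source, min_run=4):
    """Return one finding per run of at least min_run invisible code points.

    A single selector after an emoji is normal text; a long run inside
    source code is what deserves a manual look.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        col = 0
        while col < len(line):
            if not is_invisible(line[col]):
                col += 1
                continue
            end = col
            while end < len(line) and is_invisible(line[end]):
                end += 1
            if end - col >= min_run:
                findings.append({
                    "line": lineno,
                    "col": col + 1,  # 1-based, counted in code points
                    "length": end - col,
                    "first": f"U+{ord(line[col]):04X}",
                })
            col = end
    return findings


# Constructed sample: line 1 has a benign emoji selector, line 3 hides
# twelve meaningless variation selectors inside a template literal.
SAMPLE = (
    "const label = 'ok\u2764\ufe0f';\n"
    "const run = (s) => s;\n"
    "run(`" + "".join(chr(0xE0100 + i) for i in range(12)) + "`);\n"
)

if __name__ == "__main__":
    for finding in find_invisible_runs(SAMPLE):
        print(finding)
```

Lowering `min_run` to 1 also reports the isolated emoji selector on line 1, which is useful for a first pass over code that should contain no such characters at all.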