The resurgence of GlassWorm malware in the Open VSX registry highlights ongoing threats from malicious extensions targeting developers and organizations. The attack employs Unicode hiding techniques and exploits the Solana blockchain for command-and-control, affecting a global range of victims. #GlassWorm #OpenVSX #Solana #GitHub #CyberThreats
Keypoints
- GlassWorm malware was reintroduced into the Open VSX registry after initial removal.
- The malware aimed to steal credentials from NPM, GitHub, and cryptocurrency extensions.
- It used Unicode variation selectors to hide malicious code in editors.
- The attackers leveraged the Solana blockchain for command-and-control infrastructure.
- Multiple infected extensions and malicious repositories were discovered across platforms, indicating a widespread campaign.
Read More: https://www.securityweek.com/glassworm-malware-returns-to-open-vsx-emerges-on-github/