The GlassWorm supply chain campaign has re-emerged, targeting the Microsoft Visual Studio Marketplace and Open VSX with 24 malicious extensions that impersonate popular developer tools. The attackers use stolen credentials and Rust-based implants to spread malware, compromise repositories, and drain cryptocurrency assets.
Key points
- GlassWorm campaign infiltrates developer extension marketplaces by impersonating legitimate tools.
- The malware uses the Solana blockchain for command-and-control (C2) operations and credential harvesting.
- The extensions' download counts are artificially inflated so that they appear trustworthy and deceive developers.
- Rust-based implants inside extensions target Windows and macOS systems to download payloads from C2 servers.
- Attackers can update malicious code after initial approval, evading filters and maintaining persistence.
Read More: https://thehackernews.com/2025/12/glassworm-returns-with-24-malicious.html