GlassWorm Malware Exploits Invisible Unicode to Infect VS Code Extensions

 

A major, ongoing supply-chain attack is targeting developers through the OpenVSX and Microsoft Visual Studio Code (VS Code) extension marketplaces. The self-spreading malware behind it, dubbed “GlassWorm”, has triggered an estimated 35,800 installations to date.

The campaign leverages novel techniques, such as embedding malicious code within invisible Unicode characters, enabling it to bypass detection and make the threats literally invisible in code editors. GlassWorm not only infects extensions, but also uses compromised accounts to further propagate itself, posing an accelerating risk through the dependency and update mechanisms of these platforms.

The malware focuses on stealing credentials for GitHub, npm, and OpenVSX accounts, as well as harvesting cryptocurrency wallet information from 49 different extensions. It then escalates the compromise by deploying a SOCKS proxy on infected machines, facilitating covert malicious traffic, and by installing HVNC (Hidden Virtual Network Computing) clients for undetectable remote access. 

GlassWorm leverages a hardcoded Solana blo

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
