The GlassWorm malware campaign, initially targeting VS Code developers on Microsoft's official marketplace, has now broadened its reach to open-source alternatives like Open VSX, according to a recent report by Tech Radar.Security researchers discovered four extensions on the Open VSX marketplace that were compromised and used to deliver a macOS infostealer. These extensions, which had been legitimate for approximately two years, were updated on January 30 to include malware. The infostealer harvests sensitive data from browsers, cryptocurrency wallets, macOS keychain, Apple Notes, Safari cookies, developer secrets, and local files, exfiltrating it to an attacker-controlled server. The malicious extensions were downloaded 22,000 times and exclusively targeted macOS devices, notably excluding Russian-locale systems, suggesting a potential Russian origin for the attackers.The discovery and subsequent removal of malicious extensions from Open VSX highlight the persistent threat of supply-chain attacks in the software development ecosystem. While the Open VSX platform has taken action, users who downloaded the affected extensions must manually remove them, scan their systems, and rotate credentials to fully mitigate the risks.Source: Tech Radar
Data Security, Malware, Supply chain, DevOps
GlassWorm malware campaign expands to Open VSX, targeting macOS users

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



