DevOps, Malware, Supply chain

Glassworm-spreading packages reemerge in Visual Studio, OpenVSX markets

(Credit: Postmodern Studio – stock.adobe.com)

BleepingComputer reports that two dozen new VSCode packages on the Microsoft Visual Studio Marketplace and OpenVSX including prettier-vsc.vsce-prettier, clangdcode.clangd-vsce, flutcode.flutter-extension, bphpburn.icons-vscode, and yamlcode.yaml-vscode-extension have facilitated the distribution of the Glassworm malware in a third wave of attacks following the containment of initial infections.

Attackers who published the packages on the marketplaces subsequently apply updates with malicious code and inflate download counts to establish trust and popularity in search results to guarantee installation over their legitimate counterparts, according to a Secure Annex report.

Moreover, Glassworm has also been updated to leverage Rust-based implants although invisible Unicode characters observed in an earlier iteration of the malware remain in use.

"We continue to assess and improve our scanning and detections to prevent abuse. Microsoft encourages users to flag suspicious content through a Report Abuse link found on every extension page," said Microsoft.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds