Malware, Supply chain, DevOps

Malicious VSCode extensions deploy GlassWorm malware anew

BleepingComputer reports that attackers have resumed the distribution of the GlassWorm malware through three new VSCode extensions just days after Open VSX revoked access tokens used by accounts compromised by the malware.

All of the new nefarious VSCode extensions, which have been downloaded over 10,000 times and are yet to be removed from Open VSX, were able to circumvent more advanced security defenses adopted by Open VSX through the utilization of invisible Unicode obfuscation also apparent in the original files, according to Koi Security. Sixty organizations in the U.S. and other parts of the world have already been impacted by the software supply chain intrusion, with the number of victims expected to grow as only a partial list was retrieved from a lone exposed endpoint.

Researchers have also determined that Russian-speaking actors leveraging the RedExt open-source command-and-control browser extension framework were behind the campaign. Additional cryptocurrency exchange and messaging platform data associated with the operation has already been provided to law enforcement.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds