BleepingComputer reports that attackers have resumed the distribution of the GlassWorm malware through three new VSCode extensions just days after Open VSX revoked access tokens used by accounts compromised by the malware.All of the new nefarious VSCode extensions, which have been downloaded over 10,000 times and are yet to be removed from Open VSX, were able to circumvent more advanced security defenses adopted by Open VSX through the utilization of invisible Unicode obfuscation also apparent in the original files, according to Koi Security. Sixty organizations in the U.S. and other parts of the world have already been impacted by the software supply chain intrusion, with the number of victims expected to grow as only a partial list was retrieved from a lone exposed endpoint.Researchers have also determined that Russian-speaking actors leveraging the RedExt open-source command-and-control browser extension framework were behind the campaign. Additional cryptocurrency exchange and messaging platform data associated with the operation has already been provided to law enforcement.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds



