GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
Briefly

"Researchers at Aikido, Socket, Step Security, and the OpenSourceMalware community have collectively identified 433 compromised components this month in attacks attributed to GlassWorm. Evidence of a single threat actor running the GlassWorm campaigns across multiple open-source repositories is provided by the use of the same Solana blockchain address used for command-and-control (C2) activity, identical or functionally similar payloads, and shared infrastructure."
"GlassWorm was first observed last October, with attackers using "invisible" Unicode characters to hide malicious code that harvested cryptocurrency wallet data and developer credentials. The campaign continued with multiple waves and expanded to Microsoft's official Visual Studio Code marketplace and the OpenVSX registry used by unsupported IDEs."
"Across all platforms, the Solana blockchain is queried every five seconds for new instructions. According to Step Security, between November 27, 2025, and March 13, 2026, there were 50 new transactions, mostly to update the payload URL."
GlassWorm, a coordinated supply-chain attack campaign, has compromised 433 components across multiple platforms: 200 GitHub Python repositories, 151 GitHub JS/TS repositories, 72 VSCode/OpenVSX extensions, and 10 npm packages. Researchers from Aikido, Socket, Step Security, and the OpenSourceMalware community identified the attacks. The campaign uses invisible Unicode characters to hide malicious code that harvests cryptocurrency wallet data and developer credentials. A single threat actor operates across platforms using the same Solana blockchain address for command-and-control, with the blockchain queried every five seconds for payload updates. Initial compromise occurs through GitHub account takeovers, followed by publication of malicious packages on npm and VSCode/OpenVSX with obfuscated code.
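As an added defender-side check (this is not code from the BleepingComputer article or from the researchers named above), the following Python scanner reports invisible Unicode characters of the kind the campaign description mentions and recovers text hidden in the Unicode Tags block. The sample file, the flagged code point ranges and the choice of the Tags block for the hidden string are assumptions for illustration, not details taken from the GlassWorm analyses.

```python
import unicodedata

# Code points that render as nothing (or nearly nothing) in most editors and
# diff views yet survive copy/paste and reach the interpreter. These ranges are
# an assumption about what a reviewer wants flagged, not a list from the report.
INVISIBLE_RANGES = (
    (0x200B, 0x200F),    # zero-width space/non-joiner/joiner, LRM, RLM
    (0x2060, 0x2064),    # word joiner and invisible operators
    (0xFE00, 0xFE0F),    # variation selectors
    (0xFEFF, 0xFEFF),    # zero-width no-break space / BOM
    (0xE0000, 0xE007F),  # Unicode "Tags" block
    (0xE0100, 0xE01EF),  # variation selectors supplement
)

def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    if any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES):
        return True
    # Any other format control (general category Cf) is suspect in source code.
    return unicodedata.category(ch) == "Cf"

def scan_source(text: str) -> list[dict]:
    """Return one finding per invisible character: line, column, code point, name."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if is_invisible(ch):
                findings.append({
                    "line": lineno, "col": col,
                    "codepoint": f"U+{ord(ch):04X}",
                    "name": unicodedata.name(ch, "<unnamed>"),
                })
    return findings

def decode_tag_run(text: str) -> str:
    """Recover ASCII hidden as Tags-block characters (U+E0020..U+E007E):
    each tag code point is the ASCII code point plus 0xE0000."""
    return "".join(chr(ord(c) - 0xE0000) for c in text if 0xE0020 <= ord(c) <= 0xE007E)

# Constructed sample: a benign-looking JS file whose comment line carries the
# word "eval" encoded as invisible tag characters. Not a real payload.
SAMPLE = (
    "const version = '1.0.0';\n"
    "// build info" + "".join(chr(0xE0000 + ord(c)) for c in "eval") + "\n"
    "module.exports = { version };\n"
)

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"{f['line']}:{f['col']} {f['codepoint']} {f['name']}")
    print("hidden text:", decode_tag_run(SAMPLE))
```

Run it over a checkout with `scan_source(open(path, encoding="utf-8").read())` per file; any finding in a file that is supposed to be plain ASCII source deserves a manual look before the code is merged or installed.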
Read at BleepingComputer