GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
Briefly

"Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive delivery vehicles in later updates, allowing a benign-appearing package to begin pulling a separate GlassWorm-linked extension only after trust has already been established."
"GlassWorm is the name given to an ongoing malware campaign that has repeatedly infiltrated Microsoft Visual Studio Marketplace and Open VSX with malicious extensions designed to steal secrets and drain cryptocurrency wallets, and abuse infected systems as proxies for other criminal activities."
"Socket said it discovered at least 72 additional malicious Open VSX extensions since January 31, 2026, targeting developers. These extensions mimic widely used developer utilities, including linters and formatters, code runners, and tools for artificial intelligence (AI)-powered coding assistants like Claude Code and Google Antigravity."
Cybersecurity researchers discovered 72 new malicious extensions in the Open VSX registry since January 31, 2026, representing a significant escalation of the GlassWorm campaign. The threat actor now exploits extensionPack and extensionDependencies features to transform initially legitimate-appearing extensions into delivery mechanisms for malware after users have already established trust. These malicious extensions impersonate popular developer tools including linters, formatters, code runners, and AI-powered coding assistants like Claude Code and Google Antigravity. GlassWorm is an ongoing malware campaign designed to steal secrets, drain cryptocurrency wallets, and abuse infected systems as proxies for criminal activities. The campaign has repeatedly infiltrated both Microsoft Visual Studio Marketplace and Open VSX registries.
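The transitive-delivery trick above hinges on an update quietly adding entries to `extensionPack` or `extensionDependencies`. As an added example (not code from the article, from Socket, or from the GlassWorm operators), the script below diffs two versions of an extension manifest and flags newly added transitive extensions, marking those whose publisher prefix differs from the host extension's own publisher; the manifests and extension IDs are constructed placeholders.

```javascript
// Added example, not from the article: audit a VS Code extension update for
// newly introduced transitive extensions (extensionPack / extensionDependencies).
// Sample manifests and IDs below are constructed placeholders.

// Extension IDs take the form "publisher.name".
const EXT_ID = /^[a-z0-9][a-z0-9-]*\.[a-z0-9][a-z0-9-]*$/i;

// Collect every extension ID a manifest would pull in transitively.
function transitiveIds(manifest) {
  const ids = new Set();
  for (const field of ["extensionPack", "extensionDependencies"]) {
    for (const id of manifest[field] || []) ids.add(String(id).toLowerCase());
  }
  return ids;
}

// Compare two manifest versions; return IDs present in `curr` but not `prev`.
// crossPublisher is true when the ID is malformed or owned by another publisher,
// the case a reviewer should look at first.
function newTransitiveExtensions(prev, curr) {
  const before = transitiveIds(prev);
  const publisher = String(curr.publisher || "").toLowerCase();
  const findings = [];
  for (const id of transitiveIds(curr)) {
    if (before.has(id)) continue;
    const owner = id.split(".")[0];
    findings.push({ id, crossPublisher: !EXT_ID.test(id) || owner !== publisher });
  }
  return findings.sort((a, b) => a.id.localeCompare(b.id));
}

// Constructed sample: v1.0.0 is standalone; v1.0.1 adds one same-publisher
// dependency and one pack entry from an unrelated publisher.
const V1 = { name: "example-linter", publisher: "example-pub", version: "1.0.0" };
const V2 = {
  ...V1,
  version: "1.0.1",
  extensionDependencies: ["example-pub.companion"],
  extensionPack: ["other-pub.helper-tool"],
};

for (const f of newTransitiveExtensions(V1, V2)) {
  console.log(`${f.crossPublisher ? "REVIEW" : "info  "} new transitive extension: ${f.id}`);
}
```

Run it against the previous and current `package.json` of any extension before approving an update; an entry flagged REVIEW means the update now installs code from a publisher you never vetted.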
Read at The Hacker News