How GlassWorm wormed its way back into developers' code - and what it says about open source security
Briefly

"Just a little over two weeks after GlassWorm was declared 'fully contained and closed' by the open source OpenVSX project, the self-propagating worm is once again targeting Visual Studio Code extensions, add-ons that enhance open source VS Code, providing new features, debuggers, and other tools to improve developer workflows. Researchers from Koi have discovered a new wave of infections and three more compromised extensions."
"First discovered in October, GlassWorm employs undisplayable Unicode characters to make malicious code invisible to code editors in VS Code environments. The worm has also now wriggled its way into GitHub repositories, hiding payloads in AI-generated commits that appear to be legitimate code changes. Released by a Russia-based attack group, the malware is infecting victims around the world. This included dozens of individual developers and enterprises in the US, Europe, Asia, South America, and 'a major government entity' in the Middle East."
GlassWorm reappeared weeks after being declared contained, continuing to infest Visual Studio Code extensions distributed via OpenVSX. The worm uses undisplayable Unicode characters to conceal malicious code in editors and leverages blockchain-based command-and-control techniques. The malware also infiltrates GitHub repositories by embedding payloads in AI-generated commits that mimic legitimate changes. The threat actor is Russia-based and has infected developers and enterprises across the US, Europe, Asia, South America, and a major government entity in the Middle East. Three newly compromised OpenVSX extensions were downloaded over 10,000 times combined, and attacker infrastructure remains active and spreading.
Read at InfoWorld
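Because the concealment described above depends on characters an editor does not draw, a review or CI step can look for them directly. The following check is an added example, not code from InfoWorld, Koi or OpenVSX; the summary does not name the code points involved, so the character set (Unicode's Default_Ignorable_Code_Point property plus private-use characters), the run-length threshold and the sample input are assumptions made for illustration.

```javascript
// Added example: flag runs of code points that render as nothing in an editor.
// Assumption: "undisplayable" is approximated by Default_Ignorable_Code_Point
// (zero-width, bidi controls, variation selectors, tags) plus private use.
const INVISIBLE = /[\p{Default_Ignorable_Code_Point}\p{Co}]+/gu;

// minRun = 3 is a constructed heuristic: legitimate emoji sequences contain
// at most one or two such characters in a row (VS16, ZWJ).
function findInvisibleRuns(source, minRun = 3) {
  const findings = [];
  source.split(/\r?\n/).forEach((lineText, idx) => {
    for (const m of lineText.matchAll(INVISIBLE)) {
      const cps = Array.from(m[0], (ch) => ch.codePointAt(0));
      // A single byte-order mark at the very start of the file is normal.
      if (idx === 0 && m.index === 0 && cps.length === 1 && cps[0] === 0xfeff) continue;
      if (cps.length < minRun) continue;
      findings.push({
        line: idx + 1,
        column: m.index + 1, // 1-based UTF-16 offset within the line
        count: cps.length,   // number of hidden code points in the run
        first: "U+" + cps[0].toString(16).toUpperCase().padStart(4, "0"),
        // What a reviewer actually sees on this line once the run is hidden.
        visibleLength: Array.from(lineText.replace(INVISIBLE, "")).length,
      });
    }
  });
  return findings;
}

// Constructed sample: line 1 has a BOM and an emoji sequence (both benign),
// line 2 has eight variation selectors inside an apparently empty string.
const hidden = String.fromCodePoint(0xe0100).repeat(8);
const SAMPLE = [
  "\uFEFFconst greeting = 'hi \u2764\uFE0F\u200D\u{1F525}';",
  "const blob = '" + hidden + "';",
].join("\n");

console.log(findInvisibleRuns(SAMPLE));
```

A finding whose `count` is large relative to `visibleLength` is the case worth a manual look: the line carries far more data than it displays.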