Invisible malware spread via VS Code extensions
Briefly
"According to the Open VSX team, the incident has been fully contained and closed since October 21. The group has implemented several improvements. These improvements cover various aspects of the platform. First, token lifetimes have been shortened to prevent potential leaks. In addition, token withdrawal has been made easier and faster through improved internal workflows. From now on, a security scan will also be performed when publishing extensions."
"A new cyber threat is affecting developers worldwide who work with Visual Studio Code. Researchers at Koi Security have discovered an attack they call GlassWorm. It is a worm that spreads itself via infected VS Code extensions. According to Koi Security, it is the first attack of its kind to use so-called invisible Unicode characters, which make malicious code literally invisible to developers and security tools."
"The attack began on the OpenVSX Marketplace, the open-source alternative to Microsoft's own extension marketplace. A popular extension called CodeJoy was found to be infected when version 1.8.3 was released. The malware inserted itself between the regular source code, but by using special Unicode characters, it appeared to the naked eye as if nothing was wrong. Even a manual code inspection showed no abnormalities. This technique breaks the fundamental principle that human code control is sufficient to detect malicious additions."
GlassWorm is a worm that spread through infected Visual Studio Code extensions by inserting malicious code with invisible Unicode characters, making the additions invisible to developers and security tools. The infection began on the OpenVSX Marketplace with the popular CodeJoy extension (version 1.8.3). The malware used the Solana blockchain memo field as a command-and-control channel. Research by Wiz and a report from Koi Security identified the incident. The Open VSX team contained and closed the incident on October 21 and fixed the leak by November 6. Mitigations include shortened token lifetimes, faster token withdrawal workflows, mandatory security scans on extension publishing, and information-sharing with other marketplaces.
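The detection gap described above (blank-rendering code points hidden inside otherwise normal source) is something a reviewer or a publishing pipeline can check for mechanically. The scanner below is an added example, not code from the Techzine article, Koi Security or the Open VSX project; the code-point ranges are a general list of invisible characters and the sample snippet is constructed, so neither describes GlassWorm's actual payload.

```python
import unicodedata

# Code points that render as blank but are not ordinary whitespace:
# zero-width/format characters, bidi controls, variation selectors and
# visually empty "letters" such as the Hangul fillers. (General list,
# constructed for this example; not taken from any specific malware.)
INVISIBLE_RANGES = [
    (0x200B, 0x200F),    # zero-width space/joiners, bidi marks
    (0x2028, 0x202E),    # line/paragraph separators, bidi embedding controls
    (0x2060, 0x2064),    # word joiner, invisible operators
    (0xFE00, 0xFE0F),    # variation selectors
    (0xE0100, 0xE01EF),  # supplementary variation selectors
    (0xFEFF, 0xFEFF),    # byte-order mark / zero-width no-break space
    (0x115F, 0x1160),    # Hangul choseong/jungseong fillers
    (0x3164, 0x3164),    # Hangul filler
    (0xFFA0, 0xFFA0),    # halfwidth Hangul filler
]

def is_invisible(ch):
    cp = ord(ch)
    if any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES):
        return True
    # Any other format character (Unicode category Cf) is suspect in source.
    return unicodedata.category(ch) == "Cf"

def scan_source(text):
    """Return (line_no, col, codepoint) for every invisible character.
    Split on '\\n' only, so exotic line separators are reported, not eaten."""
    hits = []
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if is_invisible(ch):
                hits.append((line_no, col, f"U+{ord(ch):04X}"))
    return hits

def summarize(hits):
    """Group hits by line so a reviewer sees where the blanks cluster."""
    per_line = {}
    for line_no, _, cp in hits:
        per_line.setdefault(line_no, []).append(cp)
    return per_line

# Constructed sample: a harmless-looking extension entry point with a run of
# variation selectors hidden after the brace on line 2.
SAMPLE = (
    'const vscode = require("vscode");\n'
    'function activate(context) {' + "\uFE0F\uFE01\uFE0E\uFE0F" + '\n'
    '  console.log("extension active");\n'
    '}\n'
)

if __name__ == "__main__":
    for line_no, col, cp in scan_source(SAMPLE):
        print(f"line {line_no} col {col}: {cp}")
```

A non-empty result is a reason to inspect the file byte by byte rather than trust how it renders in an editor.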
Read at Techzine Global