
"The cluster of 73 extensions has been identified as cloned versions of their legitimate counterparts. Six have been confirmed to be malicious, while others act as sleeper packages to build trust."
"These cloned sleepers use the same icon and description as their legitimate versions to fool unsuspecting developers, employing a 'visual trust' tactic to boost install counts before serving malware."
"The threat actors behind the campaign are evolving their methods, pivoting to sleeper packages and transitive dependencies to evade detection, while using Zig-based droppers to deploy secondary extensions."
Cybersecurity researchers have identified 73 malicious Microsoft Visual Studio Code extensions associated with the GlassWorm information-stealing campaign. Six of these extensions are confirmed malicious, while others act as sleeper packages to build trust before revealing their true intent. The extensions were published recently and employ tactics like typosquatting and visual deception to mislead users. The campaign has evolved to use sleeper packages and Zig-based droppers to evade detection, posing significant risks to developers' environments.
Read at The Hacker News