GlassWorm malware resurfaces in VS code extensions.

GlassWorm reappeared in the Open VSX registry weeks after being removed from the VS Code marketplace, with three new infected extensions downloaded about 10,000 times. The malware hides code using Unicode selectors, relies on Solana blockchain for command-and-control, and enables remote access through proxy and VNC servers. Koi Security accessed the attackers’ server, finding stolen credentials from victims across multiple regions and evidence of Russian-speaking operators. Aikido Security also uncovered related malicious code on GitHub, warning attackers are blending realistic commits with hidden scripts, possibly aided by AI.

Read more:

https://www.securityweek.com/glassworm-malware-returns-to-open-vsx-emerges-on-github/