Malware dubbed GlassWorm is being used to target supply chains.

Dubbed GlassWorm, this malware was designed to steal information from its victims through NPM, GitHub, and Git credentials. Additionally, it was designed to drain funds from 49 cryptocurrency extensions. Koi Security states that what makes GlassWorm stand out is its use of Unicode variation selectors. According to Koi Security, the attack started on October 17th.

Read more:

https://www.securityweek.com/supply-chain-attack-targets-vs-code-extensions-with-glassworm-malware/