GlassWorm Strikes Again: Malware Creeps Back into VSCode Extensions with 10,000 Downloads
GlassWorm is back, slithering through OpenVSX with three new VSCode extensions. Despite last month’s exposure, it’s downloaded over 10,000 times. Using invisible Unicode characters, it stealthily targets GitHub and cryptocurrency wallets. Koi Security, tracking this Russian-speaking menace, is coordinating with law enforcement. Stay alert; those “blank” spaces might not be so empty!
Hot Take:
Looks like the GlassWorm is spinning its web again! This malware campaign has more comebacks than a pop star on their third farewell tour. Just when you thought it was safe to download a VSCode extension, BAM! GlassWorm is back with a vengeance. Who knew Unicode characters could be so sneaky? It’s like finding out your invisible friend has been raiding your fridge. But don’t worry, Koi Security is on the case, and they’re doing their best Sherlock Holmes impression to keep this digital menace under wraps. Stay safe, code warriors!
Key Points:
- GlassWorm malware is back, targeting OpenVSX and Visual Studio Code marketplaces.
- New extensions have been downloaded over 10,000 times, possibly inflated by the attackers.
- Malware uses invisible Unicode characters to execute JavaScript for malicious actions.
- Koi Security reports the malware uses the same infrastructure with updated command-and-control endpoints.
- Data on victims span across multiple continents and include government entities.