Malware Madness: GlassWorm Strikes Again, Infecting 24 Developer Extensions!

GlassWorm is back, infiltrating developer tools with 24 fake extensions on Microsoft Visual Studio Marketplace and Open VSX. These imposters mimic popular tools like Flutter and React, spreading malware and stealing credentials. Developers, beware! Your next extension download could be one click away from a comedy of errors.

3P
Published: December 2, 2025 3:41 pmAdded: December 2, 2025 at 8:08 amAssembled by: The Editor
Pro Dashboard

Hot Take:

GlassWorm is back, and it’s clear they didn’t come to play – they came to slay the developer ecosystem. Just when you thought it was safe to go back into the VS Code Marketplace and Open VSX, this insidious supply chain campaign returns with more extensions than a beauty pageant contestant. Beware developers, the only thing fluttering here should be your eyelashes, not your security protocols!

Key Points:

– GlassWorm infiltrates Microsoft Visual Studio Marketplace and Open VSX with 24 malicious extensions.
– Extensions impersonate popular tools like Flutter, React, and Vue.
– Attackers use Solana blockchain for command-and-control operations.
– Malicious extensions leverage Rust-based implants targeting Windows and macOS.
– Fake download counts deceive developers into trusting these extensions.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?