Glassworm: Undermining Developer Trust in VS Code Extensions
Glassworm malware campaign, a sophisticated supply chain attack that specifically targets developers utilizing the Visual Studio Code extension marketplaces, including OpenVSX and Microsoft. This latest wave of malware evades platform security by employing advanced obfuscation techniques, notably using invisible Unicode characters and pushing malicious code through updates after initial approval. Once active, Glassworm’s primary function is credential theft, harvesting authentication tokens for GitHub, npm, and other developer accounts, while also targeting dozens of cryptocurrency wallets. The malware further establishes persistent access by deploying SOCKS proxies and HVNC (Hidden Virtual Network Computing) clients, granting attackers undetected remote control over the compromised development environment. Utilizing the urgency of this threat, the text concludes with a promotional section from Technijian, a managed IT services provider, marketing its specialized cybersecurity, security training, and comprehensive defense strategies to businesses in Southern California.
