16 matches found
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code VS Code extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of their legitimate...
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments IDEs on a developer's machine. The technique has been discovered in an Open VSX extension...
A week in security (March 23 – March 29)
Last week on Malwarebytes Labs: Criminals are renting virtual phones to bypass bank security Bogus Avast website fakes virus scan, installs Venom Stealer instead Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka GlassWorm attack installs fake browser extension for...
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan RAT, which deploys an information-stealing Google Chrome extension masquerading as an offline version of...
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by...
Embedded Malicious Code
Overview react-native-international-phone-number is an International mobile phone input component with mask for React Native Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised and a malicious version was released on...
Malicious Package
Overview @aifabrix/miso-client is a malicious package. This package was affected by the 'GlassWorm' supply chain attack. It includes a hidden malicious payload embedded with invisible Unicode characters. These characters hide a decoder that retrieves and executes a concealed payload through eval...
Malicious Package
Overview @iflow-mcp/watercrawl-watercrawl-mcp is a malicious package. This package was affected by the 'GlassWorm' supply chain attack. It includes a hidden malicious payload embedded with invisible Unicode characters. These characters hide a decoder that retrieves and executes a concealed payloa...
GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing...
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer's resources to push malicious updates to downstream users. "On January 30, 2026, four established Open VSX extensions...
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue. GlassWorm was first documented in...
GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs
Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code VS Code ecosystem. The extensions in question, which are still available for download, are listed...
Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery
Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code VS Code extensions published in the marketplace. The action comes following a report from cloud security company Wiz earlier...
Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack
Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code VS Code extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threat, codenamed...
GlassWorm Malware Targets Developers Through OpenVSX Marketplace
GlassWorm, a self-propagating malware, infects VS Code extensions through the OpenVSX marketplace, stealing credentials and using blockchain for control...