73 Malicious VS Code Extensions Push GlassWorm v2 Malware
Researchers have identified a significant campaign, dubbed GlassWorm, targeting developers through the Open VSX repository. According to The Hacker News, 73 Visual Studio Code extensions were found to be cloned versions of legitimate tools, with six confirmed to be actively malicious. These extensions are designed to steal information from unsuspecting developers, compromising sensitive code and credentials.
The attack vector relies on the trust developers place in integrated development environment (IDE) tools. By masquerading as popular extensions, these malicious packages can gain access to a developer’s local machine and potentially their organization’s network. Because VS Code is so widely used, the campaign could affect a large number of software development professionals and the organizations they work for.
What This Means For You
- If your developers use VS Code, immediately audit all installed extensions, especially those from lesser-known or unofficial repositories like Open VSX. Remove any extensions that are not verified or are suspected clones. Ensure developers understand the risks of installing untrusted plugins and implement strict policies around IDE tool usage.
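One way to run the audit described above, as an added example (not code from the original article or from the researchers): it reads each installed extension's `package.json` manifest and flags anything off an allowlist, marking near-identical names under a different publisher as possible clones. The allowlist entries, the 0.85 similarity threshold and the `~/.vscode/extensions` path are assumptions to adapt to your environment.

```python
import difflib
import json
from pathlib import Path

# Hypothetical allowlist of approved extension IDs ("publisher.name").
APPROVED = {"ms-python.python", "esbenp.prettier-vscode"}

def installed_extensions(ext_dir):
    """Yield (folder name, manifest dict or None) for each extension folder."""
    root = Path(ext_dir)
    if not root.is_dir():
        return  # nothing installed at this location
    for folder in sorted(p for p in root.iterdir() if p.is_dir()):
        try:
            yield folder.name, json.loads((folder / "package.json").read_text("utf-8"))
        except (OSError, ValueError):
            yield folder.name, None  # missing or corrupt manifest

def classify(manifest, approved=APPROVED):
    """Return 'approved', 'possible-clone', 'unapproved' or 'unreadable'."""
    if not isinstance(manifest, dict):
        return "unreadable"
    publisher = str(manifest.get("publisher", "")).lower()
    name = str(manifest.get("name", "")).lower()
    if f"{publisher}.{name}" in approved:
        return "approved"
    # A same or near-identical name under another publisher is the clone pattern.
    for ext_id in approved:
        approved_name = ext_id.split(".", 1)[1]
        if difflib.SequenceMatcher(None, name, approved_name).ratio() >= 0.85:
            return "possible-clone"
    return "unapproved"

def audit(ext_dir, approved=APPROVED):
    """Map each installed extension folder to its verdict."""
    return {folder: classify(m, approved) for folder, m in installed_extensions(ext_dir)}

if __name__ == "__main__":
    # Assumed default location for VS Code; other builds use a different folder.
    for folder, verdict in audit(Path.home() / ".vscode" / "extensions").items():
        if verdict != "approved":
            print(f"{verdict:15} {folder}")
```

A `possible-clone` verdict is a prompt for manual review of the publisher and source, not proof that the extension is malicious.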
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| GlassWorm-v2-Campaign | Information Disclosure | Fake VS Code Extensions delivering GlassWorm v2 Malware |
| GlassWorm-v2-Campaign | Misconfiguration | Open VSX repository hosting malicious VS Code extensions |
| GlassWorm-v2-Campaign | Code Injection | Malicious VS Code extensions (6 confirmed malicious out of 73 identified) |