All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

GlassWASM: Trojanized VS Code Extensions on Open VSX Deliver WebAssembly Malware via Solana Blockchain

By

SocketDev

7d ago· 4 min readenNews
technologycybersecurityprogrammingsupply chain security

Summary

Socket's Threat Research team discovered trojanized Visual Studio Code extensions on the Open VSX marketplace that deliver a TinyGo-compiled WebAssembly (WASM) payload. The malware, dubbed GlassWASM, uses Solana blockchain memos as a takedown-resistant command-and-control dead drop mechanism, marking a novel evolution in supply chain attacks targeting developer tools.

Source

bskyGlassWASM: Trojanized VS Code Extensions on Open VSX Deliver WebAssembly Malware via Solana Blockchainhendryadrian.com

Key quotes

· 3 pulled
Socket's Threat Research team uncovered trojanized Open VSX Visual Studio Code extensions that delivered a TinyGo-compiled WebAssembly payload and used Solana memos as a takedown-resistant command-and-control dead drop.
The campaign represents a significant evolution in supply chain attacks, leveraging blockchain technology for resilient command-and-control infrastructure.
This novel approach allows attackers to maintain persistent control over compromised systems even after traditional C2 servers are taken down.
Snippet from the RSS feed
Socket’s Threat Research team uncovered trojanized Open VSX Visual Studio Code extensions that delivered a TinyGo-compiled WebAssembly payload and used Solana memos as a takedown-resistant command-and-control dead drop. The campaign, attrib...

You might also wanna read

GlassWorm: First Self-Propagating Worm Targets VS Code Extensions with Invisible Code

Researchers have discovered GlassWorm, the world's first self-propagating worm targeting VS Code extensions on the OpenVSX marketplace. This

koi.ai·8mo ago

Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code

The Glassworm threat actor has returned with a new wave of supply chain attacks using invisible Unicode characters to compromise software re

aikido.dev·3mo ago

North Korean Hackers Exploit Visual Studio Code to Deploy Backdoor Malware via Git Repositories

Jamf Threat Labs has identified North Korean threat actors expanding their abuse of Microsoft Visual Studio Code to deploy backdoor malware.

jamf.com·5mo ago

Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts

The article discusses recent supply chain attacks on open-source software projects like LiteLLM and axios, with a specific case study of att

casco.com·2mo ago

Show HN: VSCan - Detect Malicious VSCode Extensions

vscan.dev·1y ago

Microsoft uncovers Tor-based cryptocurrency clipper malware with worm-like propagation

Microsoft Threat Intelligence identified a Windows-based cryptocurrency clipper malware campaign active since February 2026. The malware use

microsoft.com·5d ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.