GlassWorm: First Self-Propagating Worm Targets VS Code Extensions with Invisible Code
By dnslavin
Summary
Researchers have discovered GlassWorm, the world's first self-propagating worm targeting VS Code extensions on the OpenVSX marketplace. This sophisticated malware uses invisible Unicode characters to hide malicious code from code editors, employs blockchain-based command and control infrastructure that can't be taken down, uses Google Calendar as a backup command server, and includes a full remote access trojan that compromises infected developers' systems.
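A defender-side check for the invisible-character technique the summary describes, as an added example (not code from the researchers or from GlassWorm itself): it flags runs of default-ignorable Unicode code points in extension source text. The function names, the run-length threshold of 8 and the sample input are assumptions made for this illustration.

```javascript
// Added example: flag runs of invisible (default-ignorable) Unicode code
// points in source text. Names, threshold and sample input are assumptions.
const INVISIBLE_RUN = /\p{Default_Ignorable_Code_Point}+/gu;

// Return every run of invisible code points with its position and length.
function findInvisibleRuns(source) {
  // A single leading U+FEFF is a byte-order mark, not hidden content.
  const offset = source.startsWith("\uFEFF") ? 1 : 0;
  const text = source.slice(offset);
  const runs = [];
  for (const m of text.matchAll(INVISIBLE_RUN)) {
    const before = text.slice(0, m.index);
    const line = before.split("\n").length;
    const column = m.index - (before.lastIndexOf("\n") + 1) + 1;
    const cps = Array.from(m[0], (ch) => ch.codePointAt(0));
    runs.push({
      line,
      column, // 1-based, counted in UTF-16 code units
      length: cps.length, // counted in code points
      first: "U+" + cps[0].toString(16).toUpperCase().padStart(4, "0"),
    });
  }
  return runs;
}

// Assumption: one or two invisible code points (emoji variation selector,
// zero-width joiner) are normal text; a long run is worth a manual look.
function suspiciousRuns(source, minLength = 8) {
  return findInvisibleRuns(source).filter((r) => r.length >= minLength);
}

// Constructed sample: a BOM, an emoji followed by U+FE0F, and a string
// literal that looks empty in an editor but holds 16 variation selectors.
const hidden = String.fromCodePoint(
  ...Array.from({ length: 16 }, (_, i) => 0xe0100 + i)
);
const sample =
  "\uFEFFconst label = 'ok \u2764\uFE0F';\n" +
  "const blob = '" + hidden + "';\n";

for (const r of suspiciousRuns(sample)) {
  console.log(
    `line ${r.line}, col ${r.column}: ${r.length} invisible code points from ${r.first}`
  );
}
```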
Key quotes
GlassWorm isn't just another supply chain attack. It's using stealth techniques we've never seen before in the wild - invisible Unicode characters that make malicious code literally disappear from code editors.
Combine that with blockchain-based C2 infrastructure that can't be taken down, Google Calendar as a backup command server, and a full remote access trojan that turns every infected developer into a criminal.
A month after Shai Hulud became the first self-propagating worm in the npm ecosystem, we just discovered the world's first worm targeting VS Code extensions on OpenVSX marketplace.