GlassWorm v2: 73 Fake VS Code Extensions on Open VSX

Colleagues — please note a cybersecurity incident: GlassWorm v2 was found leveraging counterfeit VS Code extensions on Open VSX.
Key points:
- Socket identified 73 cloned packages; 6 are confirmed malicious, and the remainder are dormant downloaders.
- Adversaries employ typosquatting, clone icons and descriptions, and use Zig droppers to fetch VSIX files from GitHub, installing them via --install-extension.
- Objectives: data theft, RAT deployment and injection of a malicious Chromium extension; authors avoid Russian systems.
Why it matters: trusted extensions can compromise developer environments.
Recommendations: restrict extensions, verify sources, and monitor unexpected VSIX installs.
How do you protect your dev environments from such attacks?
#cybersecurity #supplychain #DevSecOps #VSCode
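
For the recommendation to monitor unexpected VSIX installs, here is an added example (not part of the original post): a triage pass over process-creation events that flags `--install-extension` calls pointing at a VSIX file rather than a marketplace ID. The event field names, the interactive-parent allowlist, the severity labels and the sample events are assumptions constructed for illustration.

```python
import shlex

# Assumption: parents from which a developer runs the editor CLI by hand.
INTERACTIVE_PARENTS = {"bash", "zsh", "fish", "sh", "pwsh"}

def install_targets(cmdline):
    """Return every value passed to --install-extension in a command line."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes: fall back to a plain split
        argv = cmdline.split()
    targets = []
    for i, arg in enumerate(argv):
        if arg == "--install-extension" and i + 1 < len(argv):
            targets.append(argv[i + 1])
        elif arg.startswith("--install-extension="):
            targets.append(arg.split("=", 1)[1])
    return targets

def triage(events):
    """Return (pid, target, severity) for each install from a VSIX file."""
    findings = []
    for ev in events:
        parent = ev["parent"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        for target in install_targets(ev["cmdline"]):
            if not target.lower().endswith(".vsix"):
                continue        # marketplace ID such as publisher.name
            severity = "review" if parent in INTERACTIVE_PARENTS else "high"
            findings.append((ev["pid"], target, severity))
    return findings

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 101, "parent": "/usr/bin/zsh",
     "cmdline": "code --install-extension examplepub.example-ext"},
    {"pid": 102, "parent": "/usr/bin/zsh",
     "cmdline": "code --install-extension ./dist/my-ext-0.1.0.vsix"},
    {"pid": 103, "parent": "/tmp/helper-bin",
     "cmdline": "codium --install-extension '/tmp/dl/theme pack.vsix' --force"},
    {"pid": 104, "parent": "/tmp/helper-bin",
     "cmdline": "code --install-extension=/tmp/dl/icons.vsix"},
]

if __name__ == "__main__":
    for pid, target, severity in triage(SAMPLE_EVENTS):
        print(f"[{severity}] pid={pid} installs {target}")
```

A VSIX installed from a file by a parent that is not an interactive shell is the case worth alerting on; installs a developer types by hand land in the lower "review" bucket.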

