GlassWorm
Coverage of GlassWorm in the Nexus archive.
- GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
CrowdStrike, Google, and the Shadowserver Foundation disrupted all command-and-control channels of GlassWorm, a malware campaign targeting software developers via malicious packages and extensions since early 2025. The takedown disrupted a persistent supply chain attack infrastructure.
- Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
Attackers are distributing malicious VS Code extensions via Open VSX, exploiting supply chain vulnerabilities to spread self-propagating malware. The campaign involves seeding seemingly benign extensions that act as vectors for malware propagation.
- Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Cybersecurity researchers discovered 73 fake Microsoft Visual Studio Code extensions on the Open VSX repository linked to the GlassWorm v2 malware campaign. The malicious extensions, cloned from legitimate ones, include six confirmed to deliver malware.
- GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
The GlassWorm campaign has evolved with a new Zig dropper designed to infect multiple developer IDEs. Researchers identified the threat in a malicious Open VSX extension named 'specstudio.code-wakatime-activity-tracker,' which disguises itself as the legitimate WakaTime tool.