#Glassworm

Alert: The GlassWorm malware campaign is exploiting Solana blockchain transactions to deploy RATs and steal sensitive data. Developers, stay vigilant! #CyberSecurity #Malware #GlassWorm #Solana Link: thedailytechfeed.com/glassworm-ma...

GlassWorm attack installs fake browser extension for surveillance GlassWorm infiltrates developer ecosystems by distributing malicious or compromised npm/PyPI/VS Code packages that run hidden preinstall scripts to fingerprint systems and retrieve secondary payload locations from the Solana blockchain. After initial execution it deploys an infostealer, a Ledger/Trezor phishing binary, and a Node.js RAT that gains persistence, force‑installs a fake Chrome...

GlassWorm infiltrates developer ecosystems by distributing malicious npm, PyPI, and VS Code packages with hidden scripts that install info stealers, phishing binaries, and a fake Chrome extension for surveillance via Solana blockchain. #GlassWorm #Solana

RobinReach

GlassWorm hides behind trusted dev accounts, legit services and a fake Google Docs extension. Every stage looks clean on its own. The attack only surfaces when you connect the dots.

That's a threat hunting problem.

#ThreatHunting #GlassWorm #InfoSec

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data Researchers have uncovered a new evolution of the GlassWorm campaign that uses rogue packages and compromised maintainer accounts to deliver a multi-stage framework for data theft and remote access. The chain includes a .NET hardware-wallet phishing binary, a WebSocket JavaScript RAT that force-installs a malicious "Google Docs Offline" Chrome extension, and...

GlassWorm malware leverages compromised maintainer accounts to deliver a multi-stage RAT, phishing binaries, and a malicious Chrome extension, using Solana blockchain dead drops for C2 to steal browser and crypto data. #GlassWorm #Solana

GlassWorm malware hides in invisible open-source code A cybercrime campaign called GlassWorm is hiding malware in invisible characters and spreading it through software that millions of developers rely on

#GlassWorm malware hides in invisible open-source code. Via @scientific_american #CyberSecurity


GlassWorm malware hides in invisible open-source code [via @sciam.bsky.social] 🧪🔍🐛💻👨‍💻

"a class of attacks called “Trojan Source,” which exploited #Unicode, the standard that computers use to represent text and symbols."

www.scientificamerican.com/article/glas...

#OpenSource #malware #GlassWorm


GlassWorm malware hides in invisible open-source code #Science #ComputerScience #Cybersecurity #GlassWorm #Malware

www.scientificamerican.com/article/glassworm-malwar...

GlassWorm Open VSX Malware

~Socket~
Open VSX sleeper extensions activate to deploy GitHub-hosted VSIX malware via Solana C2.
-
IOCs: github[. ]com/chiara585, github[. ]com/francesca898, 6YGcuyFRJKZtcaYCCFba9fScNUvPkGXodXE1mJiSzqDJ
-
#GlassWorm #Malware #ThreatIntel

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions.

#GlassWorm #malware hits 400+ code repos on #GitHub, #npm, #VSCode, #OpenVSX

www.bleepingcomputer.com/news/security/glassworm-...

#cybersecurity

npm is serving malware to 134,000 developers, and the maintainer can’t stop it | Blog | Endor Labs An attacker took over the npm account behind react-native-international-phone-number and react-native-country-select, publishing three waves of malicious versions containing malware linked to the Glas...

#GlassWorm compromised an #npm maintainer account, pushing 3 waves of malware across packages with 134K monthly downloads.

Endor Labs tracked 11 compromised versions across 4 packages and mapped the full infection chain + IoCs.

www.endorlabs.com/learn/npm-is...

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that evade standard code review.

winbuzzer.com/2026/03/16/g...

Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

#GitHub #Cybersecurity #Malware #VSCode #npm #OpenSource #Developers #SoftwareDevelopment #Cybercrime #Hackers #SecurityVulnerabilities #Microsoft #Software #BigTech #VSCodeExtension #GlassWorm #OpenVSX

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.

If you're currently on GitHub, be very careful!

#glassworm


GlassWorm Campaign Expands Through Malicious Open VSX Extensions A large-scale malicious campaign tied to GlassWorm has expanded within the ecosystem of open VSX extensions, introducing a method ...

#Firewall #Daily #Cyber #News #Dark #Web #News […]

[Original post on thecyberexpress.com]

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers assistance like Google Antigravity read more about GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers reconbee.com/glassworm-su...

#GlassWorm #supplychain #supplychainattack #openvsxextension #cybersecurity #cyberattack


Alert: GlassWorm campaign escalates with 72 malicious Open VSX extensions targeting developers. Stay vigilant and review your extensions. #CyberSecurity #GlassWorm #VSCode #SupplyChainAttack Link: thedailytechfeed.com/glassworm-ma...


Alert: The GlassWorm malware campaign has expanded, introducing 72 malicious Open VSX extensions targeting developers. Stay vigilant and review your extensions. #CyberSecurity #MalwareAlert #GlassWorm Link: thedailytechfeed.com/glassworm-ma...

GlassWorm Abuses 72 Open VSX Extensions in Bold Supply-Chain Assault

GlassWorm has resurfaced with a more aggressive supply‑chain campaign, this time weaponizing the Open VSX registry at scale to target developers. Security researchers say the latest wave represents a significant escalation in both scope and stealth compared to earlier activity.

Since January 31, 2026, at least 72 new malicious Open VSX extensions have been identified, all masquerading as popular tools like linters, formatters, code runners, and AI‑powered coding assistants. These look and behave like legitimate utilities at first glance, making it easy for busy developers to trust and install them. Behind the scenes, however, they embed hidden logic designed to pull in additional malware once inside a development environment. The attackers now abuse trusted Open VSX features such as extensionPack and extensionDependencies to spread their payloads transitively. An extension can appear harmless on installation but later pull in a malicious dependency via an update or a bundled pack. This approach allows the threat actor to minimize obviously suspicious code in each listing while still maintaining a broad infection path. Once executed, GlassWorm behaves as a multi‑stage infostealer and remote access tool targeting developer systems. It focuses on harvesting credentials for npm, GitHub, Git, and other services, then uses those stolen tokens to compromise additional repositories and publish more infected extensions. This creates a self‑reinforcing loop that can quickly expand across ecosystems if not promptly contained.

Beyond credentials, GlassWorm aggressively targets financial data by going after more than 49 different cryptocurrency wallet browser extensions, including popular wallets like MetaMask, Coinbase, and Phantom. Stolen cookies and session tokens can enable account takeover, while drained wallets provide immediate monetization for the attackers. In later stages, the malware deploys a hidden VNC component and SOCKS proxy, effectively converting developer machines into nodes within a criminal infrastructure.

For developers and organizations, this campaign underscores how extension ecosystems have become high‑value attack surfaces. Teams should enforce strict extension allowlists, monitor unusual repository activity, and rotate credentials if any suspicious Open VSX extensions were recently installed. Security tooling that inspects extension metadata, dependency chains, and post‑install behavior is now essential to counter evolving threats like GlassWorm.

GlassWorm Abuses 72 Open VSX Extensions in Bold Supply-Chain Assault #AITool #GlassWorm #malware

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive

iT4iNT SERVER GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers VDS VPS Cloud #Cybersecurity #SupplyChainAttack #GlassWorm #OpenVSX #Malware

Original post on mastodon.world

When I say "IT mostly just runs in circles" I mean it: arstechnica.com/security/2026/03/supply-...

This article from 2026 describes something I've been fighting with ~17 years ago. Sure, slightly more clever payload and […]


Alert: GlassWorm malware infiltrates over 22,000 VSX extensions, targeting developers. Ensure your tools are secure. #PotatoSecurity #GlassWorm #VSX #DeveloperSafety Link: thedailytechfeed.com/glassworm-ma...


Alert: GlassWorm malware infiltrates over 22,000 VSX extensions, targeting developers. Ensure your tools are secure. #CyberSecurity #GlassWorm #VSX #DeveloperSafety Link: thedailytechfeed.com/glassworm-ma...

GlassWorm Loader in Open VSX Extensions

~Socket~
GlassWorm malware distributed via four compromised Open VSX extensions, stealing developer credentials, SSH/AWS keys, and crypto wallets.
-
IOCs: 45. 32. 150. 251
-
#GlassWorm #SupplyChainAttack #ThreatIntel

Open VSX Marketplace Hit by Supply Chain Attack Spreading "GlassWorm" Malware A supply chain attack on the Open VSX Registry where a compromised developer account was used to publish malicious versions of four extensions, distributing the GlassWorm malware loader.

📢 Open VSX Registry hit by supply chain attack! A compromised developer account was used to inject GlassWorm malware into 4 popular VS Code extensions, affecting 22k+ downloads. #OpenVSX #SupplyChain #Malware #GlassWorm

New GlassWorm attack targets macOS via compromised OpenVSX extensions A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.

New #GlassWorm attack targets #macOS via compromised #OpenVSX extensions

www.bleepingcomputer.com/news/security/new-glassw...

#cybersecurity

New GlassWorm attack targets macOS via compromised OpenVSX extensions Visual Studio Code marketplace as well as OpenVSX read more about New GlassWorm attack targets macOS via compromised OpenVSX extensions

New GlassWorm attack targets macOS via compromised OpenVSX extensions reconbee.com/new-glasswor...

#GlassWormattack #GlassWorm #macOS #openVSX #cybersecurity #cyberattacks


Open Vsx Supply Chain Attack Spreads Glassworm
Read More: buff.ly/e6UnZRQ

#OpenVSX #GlassWorm #SupplyChainAttack #DeveloperTools #MaliciousUpdates #OpenSourceRisk #ThreatIntel #SoftwareSecurity


Alert: GlassWorm malware infiltrates Open VSX extensions, targeting macOS developers. Ensure your extensions are up-to-date and review security practices. #CyberSecurity #OpenVSX #GlassWorm Link: thedailytechfeed.com/glassworm-ma...

Original post on securityweek.com

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack A hacker published malicious versions of four established VS Code extensions to distribute a GlassWorm malware loader. The post Open VS...

#Malware #& #Threats #Supply #Chain #Security #GlassWorm […]

[Original post on securityweek.com]
