GlassWorm Expands to 433 Repos Across GitHub, npm, and VSCode

March 18, 2026 at 11:17 AM

•

1 min read

GlassWorm Expands to 433 Repos Across GitHub, npm, and VSCode — Photo: BleepingComputer

TL;DR Summary

A renewed GlassWorm supply-chain campaign has compromised 433 components across GitHub, npm, and VSCode/OpenVSX, spreading via compromised accounts, obfuscated code, and a Solana-based C2 to harvest wallet data, credentials, and environment info; indicators include marker lzcdrtfxyqiplpd and init.json persistence, with warnings to inspect for rogue Node.js installs and unusual commit histories.

Topics:business #cybersecurity #github #glassworm #security #supply-chain #vscode

Share this article

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX BleepingComputer
Glassworm Returns: Invisible Unicode Malware Found in 150+ GitHub Repositories Aikido Security
ForceMemo: Python Repositories Compromised in GlassWorm Aftermath SecurityWeek
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos The Hacker News
GlassWorm Malware Evolves to Hide in Dependencies Dark Reading

Reading Insights

Total Reads

Unique Readers

Time Saved

4 min

vs 5 min read

Condensed

94%

836 → 51 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights