All articles tagged with #glassworm
A renewed GlassWorm supply-chain campaign has compromised 433 components across GitHub, npm, and VSCode/OpenVSX, spreading via compromised accounts, obfuscated code, and a Solana-based C2 to harvest wallet data, credentials, and environment info; indicators include marker lzcdrtfxyqiplpd and init.json persistence, with warnings to inspect for rogue Node.js installs and unusual commit histories.
Cybersecurity researchers have identified three malicious VS Code extensions linked to the GlassWorm campaign, which uses invisible Unicode characters to hide malware, steal credentials, and spread in a worm-like fashion. Despite removal efforts, the threat has resurfaced, leveraging blockchain-based command-and-control infrastructure to maintain resilience. The attack has affected victims worldwide, including a major Middle Eastern government, and has expanded to target GitHub repositories.