Threats Tagged 'glassworm'
View all threats tagged with 'glassworm'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'glassworm'
Click on any threat for detailed analysis and mitigation recommendations
73 Open VSX Sleeper Extensions Linked to Malware Show New Activations 0 The GlassWorm campaign targeting Open VSX has escalated with 73 newly identified impersonation extensions. These sleeper extensions were initially published without malicious payloads by newly created GitHub accounts, appearing benign to build trust and credibility. At least six extensions have been activated to deliver malware through normal update mechanisms. The extensions clone popular legitimate listings with similar branding, icons, and descriptions, making detection difficult. The threat actor has shifted delivery methods away from embedded loaders toward transitive delivery via extension dependencies, external payload retrieval from GitHub-hosted VSIX files, and native binary execution. Some variants use obfuscated JavaScript to decode and retrieve payloads at runtime. The malicious code targets multiple IDEs including VS Code, Cursor, Windsurf, and VSCodium, installing downloaded extensions through command-line interfaces. Join the discussion | AlienVault OTX General | 04/27/2026, 16:18:38 UTC Added: 04/27/2026, 16:30:05 UTC |
GlassWorm attack installs fake browser extension for surveillance 0 GlassWorm is a sophisticated malware targeting developers through compromised code repositories and package managers. It executes in stages, starting with a stealthy infection that fingerprints the machine and fetches further payloads via the Solana blockchain. The malware steals sensitive data, including cryptocurrency wallets and development credentials, installs a Remote Access Trojan (RAT), and deploys a fake Chrome extension for extensive surveillance. It uses distributed hash tables and blockchain for resilient command and control. While initially focused on developers with potential cryptocurrency assets, the stolen information could enable wider supply chain attacks. Prevention strategies include careful package management, regular extension audits, and up-to-date anti-malware solutions. Join the discussion | AlienVault OTX General | 03/26/2026, 20:45:05 UTC Added: 03/26/2026, 21:44:45 UTC |
GlassWorm: Self-Propagating VSCode Extension Worm 0 GlassWorm is a groundbreaking self-propagating worm targeting VS Code extensions on OpenVSX marketplace. It employs invisible Unicode characters to conceal malicious code and utilizes a blockchain-based command and control infrastructure on Solana. The worm compromised seven OpenVSX extensions with 35,800 downloads, harvesting NPM, GitHub, and Git credentials, targeting cryptocurrency wallets, deploying SOCKS proxy servers, and installing hidden VNC servers. It spreads exponentially through the developer ecosystem using stolen credentials. The worm employs a triple-layer C2 setup involving Solana blockchain, direct IP connection, and Google Calendar. A new infected extension was also detected in Microsoft's VSCode marketplace. The campaign remains active, necessitating immediate security measures and audits of installed extensions. Join the discussion | AlienVault OTX General | 10/21/2025, 16:50:52 UTC Added: 10/21/2025, 19:24:05 UTC |
Showing 1 to 3 of 3 results