Threats Tagged 'open vsx'
View all threats tagged with 'open vsx'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'open vsx'
Click on any threat for detailed analysis and mitigation recommendations
73 Open VSX Sleeper Extensions Linked to Malware Show New Activations 0 The GlassWorm campaign targeting Open VSX has escalated with 73 newly identified impersonation extensions. These sleeper extensions were initially published without malicious payloads by newly created GitHub accounts, appearing benign to build trust and credibility. At least six extensions have been activated to deliver malware through normal update mechanisms. The extensions clone popular legitimate listings with similar branding, icons, and descriptions, making detection difficult. The threat actor has shifted delivery methods away from embedded loaders toward transitive delivery via extension dependencies, external payload retrieval from GitHub-hosted VSIX files, and native binary execution. Some variants use obfuscated JavaScript to decode and retrieve payloads at runtime. The malicious code targets multiple IDEs including VS Code, Cursor, Windsurf, and VSCodium, installing downloaded extensions through command-line interfaces. Join the discussion | AlienVault OTX General | 04/27/2026, 16:18:38 UTC Added: 04/27/2026, 16:30:05 UTC |
Showing 1 to 1 of 1 result