GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
Summary
The GlassWorm campaign has evolved, now leveraging the Open VSX registry to propagate more effectively. Attackers are exploiting extensionPack and extensionDependencies to link seemingly innocent extensions with malicious loaders, posing a greater risk to developers.
IFF Assessment
This is bad news for defenders as the attack vector has become more sophisticated, making it harder to detect and mitigate threats targeting software developers.
Defender Context
Defenders need to be vigilant about the security of software development supply chains, particularly concerning extensions from open registries. Organizations should implement strict vetting processes for all third-party code and extensions, and monitor for unusual dependencies or behaviors within development environments.