Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse
Summary
Threat actors are leveraging the Open VSX registry to spread the GlassWorm malware by abusing the extension dependency mechanism. Extensions that users already trust are updated to declare a dependency on other GlassWorm-linked extensions, so the malware loader is delivered transitively through dependency resolution after the initial trust has been established.
IFF Assessment
This campaign represents a sophisticated supply-chain attack that abuses both user trust in an already-installed extension and the registry's dependency resolution, which makes the malicious payload harder for defenders to detect and prevent than a directly malicious extension would be.
Defender Context
Defenders need to be vigilant about the transitive dependencies of software components, especially in development environments: an extension that was benign when approved can later add a dependency that pulls in malicious code, so dependency chains should be re-reviewed on every update, not only at install time. This highlights the growing risk of supply-chain attacks within code repositories and extension marketplaces, requiring enhanced scrutiny of software sources and the relationships between them.
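As an added illustration (not part of this advisory, and not GlassWorm indicators), the following Python script shows one way to audit the dependency chain the Summary describes: it walks the `extensionDependencies` declared by an extension's manifest transitively and flags any dependency that was not present when the extension was first approved, as well as any that appears on a block list. The extension IDs, manifests and block list are constructed placeholders; in practice the dependency lists would be read from each extension's `package.json`.

```python
# Added example, not from the advisory: audit transitive extension
# dependencies for ones that appeared after approval or are block-listed.
# All extension IDs below are constructed placeholders.
from collections import deque

# Constructed snapshot of manifests at approval time:
# extension id -> ids listed in its `extensionDependencies`.
APPROVED_DEPS = {
    "acme.theme-pack": [],
    "acme.linter-helper": ["acme.theme-pack"],
}

# Constructed current registry view: the trusted extension was updated
# to add a dependency that in turn depends on a flagged extension.
CURRENT_DEPS = {
    "acme.theme-pack": [],
    "acme.linter-helper": ["acme.theme-pack", "example.helper-utils"],
    "example.helper-utils": ["example.flagged-loader"],
    "example.flagged-loader": [],
}

# Placeholder block list; real entries would come from threat intelligence.
BLOCKED = {"example.flagged-loader"}


def transitive_deps(root, deps):
    """Return {dependency_id: path_from_root} for everything reachable
    from root, breadth-first. Cycles are skipped; an id with no manifest
    entry is treated as a leaf."""
    seen = {}
    queue = deque([(root, [root])])
    while queue:
        ext, path = queue.popleft()
        for dep in deps.get(ext, []):
            if dep == root or dep in seen:
                continue
            seen[dep] = path + [dep]
            queue.append((dep, seen[dep]))
    return seen


def audit(root, approved, current, blocked):
    """Compare the approved chain with the current chain for one extension.
    Returns (new_deps, blocked_hits), each mapping id -> path from root."""
    before = transitive_deps(root, approved)
    after = transitive_deps(root, current)
    new_deps = {d: p for d, p in after.items() if d not in before}
    blocked_hits = {d: p for d, p in after.items() if d in blocked}
    return new_deps, blocked_hits
```

Running `audit("acme.linter-helper", APPROVED_DEPS, CURRENT_DEPS, BLOCKED)` reports both the newly introduced intermediate dependency and the block-listed extension it reaches, together with the path by which each arrived.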