GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
Summary
The GlassWorm malware campaign has resurfaced, exploiting the OpenVSX ecosystem by compromising 73 "sleeper" extensions. These extensions appear benign until updated, at which point they activate malicious code, posing a threat to users and organizations relying on OpenVSX.
IFF Assessment
FOE
This campaign represents a new and concerning method for malware distribution: because the extensions appear benign until an update activates the malicious code, the threat is harder for defenders to detect and mitigate.
Defender Context
Defenders should be aware of this evolving threat to the OpenVSX ecosystem and scrutinize extension updates carefully. Monitoring for unusual behavior within development environments and deploying robust endpoint detection and response (EDR) solutions are crucial for identifying and neutralizing compromised extensions.