Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
Summary
A new wave of malicious VS Code extensions, dubbed GlassWorm, are being distributed through the Open VSX registry. These extensions spread self-propagating malware, targeting the software supply chain.
IFF Assessment
FOE
This campaign represents a significant threat to the software supply chain, as it compromises developer tools and can lead to widespread malware distribution.
Defender Context
Defenders must be vigilant about the security of their development environments and the extensions they use. It highlights the growing risk of supply chain attacks targeting popular developer tools.