More fake extensions linked to GlassWorm found in Open VSX code marketplace
Summary
A threat actor has escalated its campaign by uploading 73 more fraudulent extensions to the Open VSX code marketplace, impersonating trusted developer tools. These extensions initially contain benign code to evade detection, later downloading the GlassWorm malware to developers' computers as an update. This tactic aims to infect software supply chains and distribute data-stealing malware.
IFF Assessment
The continued and escalating activity of threat actors exploiting open-source marketplaces like Open VSX to distribute malware poses a significant risk to software supply chains and developer security.
Defender Context
Defenders need to be vigilant about the security of open-source repositories and software supply chains, as threat actors are actively using them to distribute malware like GlassWorm. Organizations should implement robust checks for third-party code and dependencies, and educate developers on the risks of installing extensions from untrusted sources.
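One way to check for the two behaviours described above (impersonation of trusted tools, and malware arriving as a later update) is to audit installed extensions against a reviewed, version-pinned allow-list. This is an added example, not code from the original report; the extension names, versions and sample listing are constructed, and the input is assumed to be in the `publisher.name@version` format printed by `code --list-extensions --show-versions`.

```python
import difflib

# Constructed allow-list: extension id -> version that passed review (hypothetical names).
APPROVED = {"acme.python-tools": "2.4.1", "example.yaml-lint": "1.0.3"}

# Constructed sample listing, one `publisher.name@version` entry per line.
SAMPLE = """\
acme.python-tools@2.4.1
example.yaml-lint@1.0.4
acme-dev.python-tools@1.0.0
other.theme-dark@0.1.0
"""

def parse_listing(text):
    """Return {extension_id: version}, skipping lines that are not id@version."""
    installed = {}
    for line in text.splitlines():
        line = line.strip().lower()
        if "@" not in line or "." not in line.rsplit("@", 1)[0]:
            continue
        ext_id, version = line.rsplit("@", 1)
        installed[ext_id] = version
    return installed

def resembles(ext_id, approved, threshold=0.85):
    """Return the approved id this one imitates: same extension name under
    another publisher, or a near-identical id (typosquat). None otherwise."""
    name = ext_id.split(".", 1)[1]
    for good in approved:
        ratio = difflib.SequenceMatcher(None, ext_id, good).ratio()
        if good.split(".", 1)[1] == name or ratio >= threshold:
            return good
    return None

def audit(installed, approved=APPROVED):
    """Flag version drift on approved extensions, lookalikes, and unapproved ids."""
    findings = []
    for ext_id, version in sorted(installed.items()):
        if ext_id in approved:
            if version != approved[ext_id]:  # updated past the reviewed version
                findings.append(("version-drift", ext_id, f"{approved[ext_id]} -> {version}"))
            continue
        good = resembles(ext_id, approved)
        findings.append(("lookalike" if good else "unapproved", ext_id, good or ""))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_listing(SAMPLE)):
        print(*finding)
```

A `version-drift` finding means an approved extension has updated past the version that was reviewed, so the new version needs review before it is trusted.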