Search Results: GlassWorm

Koi Research has uncovered a new wave of the GlassWorm campaign that replaces the old Unicode‑based payload with native Rust binaries, targeting both OpenVSX and Microsoft’s official VS Code marketplace. The shift to compiled code makes detection harder and signals a new level of sophistication in supply‑chain attacks.

A sophisticated self-spreading malware called GlassWorm is actively compromising OpenVSX and VS Code extensions using invisible Unicode characters and blockchain-powered C2 infrastructure. The worm steals credentials, deploys remote access tools, and has infected over 35,800 installations via auto-updating extensions. This represents one of the most advanced supply-chain attacks ever seen in developer tooling.