Glassworm Returns, Targeting VS Code Extensions

The Glassworm malware has resurfaced, targeting Visual Studio Code extensions to infiltrate developer environments. This sophisticated attack vector exploits the trust developers place in VS Code extensions, allowing Glassworm to execute malicious code and potentially compromise sensitive development projects. The resurgence of Glassworm highlights the evolving tactics of cybercriminals who are increasingly focusing on supply chain attacks within software development tools. Organizations and developers must remain vigilant by scrutinizing extension sources, applying strict security policies, and employing advanced threat detection mechanisms. This article delves into the technical details of the Glassworm campaign, its impact on the cybersecurity landscape, and best practices for mitigating risks associated with compromised development environments. The return of Glassworm serves as a critical reminder of the need for continuous monitoring and proactive defense strategies in the software supply chain ecosystem.

This Cyber News was published on www.darkreading.com. Publication date: Mon, 10 Nov 2025 22:15:05 +0000


Cyber News related to Glassworm Returns, Targeting VS Code Extensions

Self-spreading Glassworm malware hits OpenVSX, VS Code registries - A new self-spreading malware named Glassworm has been discovered targeting OpenVSX and Visual Studio Code registries. This sophisticated malware exploits vulnerabilities in popular code registries to propagate itself and potentially compromise ...
3 months ago Bleepingcomputer.com
Glassworm malware returns on OpenVSX with 3 new VSCode extensions - The Glassworm malware has resurfaced on the OpenVSX marketplace, disguised within three new Visual Studio Code (VSCode) extensions. This resurgence highlights ongoing risks associated with third-party extension repositories, which often lack the ...
2 months ago Bleepingcomputer.com
Fake VPN Chrome extensions force-installed 1.5 million times - Three malicious Chrome extensions posing as VPNs were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. According to ReasonLabs, which discovered the malicious extensions, they are spread via ...
2 years ago Bleepingcomputer.com
New Glassworm Malware Uses Invisible Code to Evade Detection - A new variant of the Glassworm malware has been discovered, employing innovative invisible code techniques to evade traditional cybersecurity defenses. This advanced malware leverages stealthy code injection methods that make it nearly undetectable ...
3 months ago Cybersecuritynews.com CVE-2024-12345 CVE-2024-67890 Glassworm Group
Over 6 Million Chrome Extensions Can Execute Remote Commands on Users’ Browsers - A major security incident has come to light involving more than six million installations of Chrome browser extensions that secretly execute remote commands, track user activity, and potentially expose sensitive information. John Tuckner of secure ...
9 months ago Cybersecuritynews.com
The zero-day that could've compromised every Cursor and Windsurf user - In a recent post Yomtom explains that while examining the build process behind OpenVSX, the open-source marketplace powering extensions for tools like Cursor, Windsurf, VSCodium, and others, he discovered a critical flaw. Dubbed VSXPloit: A single ...
6 months ago Bleepingcomputer.com
Developers Beware of Malicious VS Code Extension Apps With Million of Installations - Cybersecurity researchers have uncovered a disturbing campaign targeting software developers through malicious Visual Studio Code extensions that have collectively amassed millions of installations. These compromised extensions, masquerading as ...
9 months ago Cybersecuritynews.com
Google Takes Down Over 50,000 Instances of Malicious Chrome Extensions - Google recently took down over 50,000 Chrome browser extensions after discovering that they were involved in malicious activity. The malicious activity included advertising click fraud, downloading malware, and displaying adware. According to Google, ...
2 years ago Thehackernews.com
Threat Actors May Abuse VS Code Extensions to Deliver Malware - Visual Studio Code (VS Code) extensions have become a popular tool for developers to enhance their coding environment. However, recent cybersecurity research highlights a growing threat where malicious actors exploit these extensions to deliver ...
2 months ago Cybersecuritynews.com
Malicious Chrome VPN Extensions Installed 1.5M Times Browsers - In a recent cybersecurity revelation, a highly sophisticated cyber attack campaign has emerged, weaving a web of deceit through malicious web extensions cunningly disguised as VPNs. ReasonLabs, a cybersecurity firm, has discovered online piracy ...
2 years ago Cybersecuritynews.com
VSCode extensions found downloading early-stage ransomware - It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) and February 17, 2025 (ahban.shiba), bypassing safety review processes and remaining on Microsoft's store for an extensive ...
10 months ago Bleepingcomputer.com
Chrome extensions with 6 million installs have hidden tracking code - While Tuckner didn't catch any extensions stealing user passwords or cookies, the excessively risky capabilities, heavily obfuscated code, and hidden logic were enough for the researcher to label them as risky and, potentially, spyware. A set of 57 ...
9 months ago Bleepingcomputer.com
131 Malicious Extensions Targeting WhatsApp Users Discovered - A recent cybersecurity investigation has uncovered 131 malicious browser extensions specifically targeting WhatsApp users. These extensions, disguised as useful tools, actually serve as conduits for data theft, unauthorized access, and spreading ...
3 months ago Cybersecuritynews.com
Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals - A new 2025 Enterprise Browser Extension Security Report, uniquely combining data from public extension marketplaces and real-world enterprise usage telemetry to spotlight this underestimated threat vector. Extensive Permissions to Sensitive ...
8 months ago Bleepingcomputer.com
Fake Madgicx Plus and SocialMetrics Pro Chrome Extensions Found Stealing Facebook Credentials - Cybersecurity researchers have uncovered a new phishing campaign involving fake Chrome extensions named Madgicx Plus and SocialMetrics Pro. These malicious extensions are designed to steal Facebook credentials from unsuspecting users by mimicking ...
4 months ago Thehackernews.com
VSCode extensions with 9 million installs pulled over security risks - Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code. One of the researchers, Amit Assaraf, says ...
10 months ago Bleepingcomputer.com
Malicious VSCode extensions infect Windows with cryptominers - Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero. If you have installed any of the nine extensions mentioned in the ...
9 months ago Bleepingcomputer.com
Malicious Chrome extensions with 1.7M installs found on Web Store - Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. According to the researchers, most of the malicious functionality ...
6 months ago Bleepingcomputer.com
Malicious Chrome extensions with 1.7M installs found on Web Store - Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. According to the researchers, the malicious functionality is ...
6 months ago Bleepingcomputer.com
WhiteCobra floods VSCode Market with crypto-stealing extensions - Security researchers have uncovered a new wave of malicious extensions flooding the Visual Studio Code (VSCode) Marketplace, attributed to the WhiteCobra threat group. These extensions are designed to steal cryptocurrency from users by injecting ...
4 months ago Bleepingcomputer.com WhiteCobra
Hackers Deliver Malware via Browser Extensions & Legitimate Tools to Bypass Security Controls - Quick Assist, a preinstalled Windows application designed for remote troubleshooting, requires victims to share a six-digit verification code with attackers posing as IT support personnel. Over the past six months, threat actors have refined ...
9 months ago Cybersecuritynews.com
SquareX Unveils Polymorphic Extensions that Morph Infostealers into Any Browser Extension - Password Managers, Wallets at Risk - In addition to the polymorphic attack, SquareX was also the first to discover and disclose multiple extension-based attacks, including Browser Syncjacking, the Chrome Store consent phishing attack leading to Cyberhaven’s breach and numerous other ...
10 months ago Cybersecuritynews.com
8 New Malicious Firefox Extensions Steal OAuth Tokens, Passwords, and Spy on Users - Security researchers from the Socket Threat Research Team have uncovered a sophisticated network of eight malicious Firefox browser extensions that actively steal OAuth tokens, passwords, and spy on users through deceptive tactics. The investigation ...
6 months ago Cybersecuritynews.com
Google Chrome disables uBlock Origin for some in Manifest v3 rollout - Google continues its rollout of gradually disabling uBlock Origin and other Manifest V2-based extensions in the Chrome web browser as part of its efforts to push users to Manifest V3-based extensions. For those who need more time, Google will let the ...
11 months ago Bleepingcomputer.com