#vs-code-extensions

[ follow ]
#glassworm #invisible-unicode-characters #solana-blockchain #supply-chain-malware #supply-chain-attack
fromTechzine Global
10 hours ago

Invisible malware spreads via VS Code extensions

A new cyber threat is affecting developers worldwide who work with Visual Studio Code. Researchers at Koi Security have discovered an attack they call GlassWorm. It is a worm that spreads itself via infected VS Code extensions. According to Koi Security, it is the first attack of its kind to use so-called invisible Unicode characters, which make malicious code literally invisible to developers and security tools.
Information security
Information security
fromInfoWorld
19 hours ago

Self-propagating worm found in marketplaces for Visual Studio Code extensions

GlassWorm infects VS Code and OpenVSX extensions, harvesting developer credentials, deploying proxies and backdoors, draining crypto wallets, and spreading rapidly.
fromThe Hacker News
1 week ago

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

"A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base," Wiz security researcher Rami McCarthy said in a report shared with The Hacker News. "An attacker who discovered this issue would have been able to directly distribute malware to the cumulative 150,000 install base."
Information security
[ Load more ]