#vs-code-extensions

[ follow ]
#glassworm #malware #supply-chain-attack #supply-chain-malware #information-stealer #github-compromise
fromThe Hacker News
18 hours ago

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

The executable, for its part, decrypts and injects the main stealer payload into a legitimate Windows process ("grpconv.exe") directly in memory, allowing it to harvest sensitive data and exfiltrate it to a remote server ("server09.mentality[.]cloud") over FTP in the form of a ZIP file. Some of the information collected by the malware includes - Clipboard content Installed apps Cryptocurrency wallets Running processes Desktop screenshots
Information security
#glassworm
fromInfoWorld
2 months ago
Information security

How GlassWorm wormed its way back into developers' code - and what it says about open source security

fromInfoWorld
2 months ago
Information security

How GlassWorm wormed its way back into developers' code - and what it says about open source security

more#glassworm
Information security
fromInfoWorld
2 months ago

Self-propagating worm found in marketplaces for Visual Studio Code extensions

GlassWorm infects VS Code and OpenVSX extensions, harvesting developer credentials, deploying proxies and backdoors, draining crypto wallets, and spreading rapidly.
fromThe Hacker News
3 months ago

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

"A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base," Wiz security researcher Rami McCarthy said in a report shared with The Hacker News. "An attacker who discovered this issue would have been able to directly distribute malware to the cumulative 150,000 install base."
Information security
[ Load more ]