Hello friend! I'm sure you know this already, but if you're a developer who codes with Visual Studio Code, please be aware of this. A malware known as "Glassworm" is resurging with a third wave of malicious VS Code extensions.
It's frightening, and when I read the news on BleepingComputer I was shocked to see just how many developers' systems are getting compromised. You're probably thinking: how can a simple extension steal my data?
What is Glassworm?
Glassworm is malware that cybercriminals have embedded within malicious/fake extensions. When a developer downloads and installs one of these malicious extensions, the Glassworm malware gets downloaded onto the developer's system and begins to collect sensitive information.
Some examples of information that it can collect are:
- GitHub Passwords
- VS Code Login Token and Marketplace Token
- Crypto Wallet Information
- Developer Account Contact Information
Developers will not know that their code has been compromised until it is too late because the code appears to be normal. Glassworm uses invisible characters to hide the malicious lines of code. This is a really ingenious way to get around anti-malware programs!
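Because the hidden code relies on characters an editor does not draw, a defender can look for them directly. The Python scanner below is an added example, not code from the original post or from any Glassworm report; the function names are its own, and which code points count as "invisible" (Unicode format characters plus the variation-selector ranges) is an assumption of the example.

```python
import sys
import unicodedata
from pathlib import Path

# Assumption: "invisible" means Unicode format characters (category Cf, which
# covers zero-width and tag characters) plus the variation-selector ranges.
VARIATION_SELECTORS = ((0xFE00, 0xFE0F), (0xE0100, 0xE01EF))


def is_invisible(ch):
    cp = ord(ch)
    return unicodedata.category(ch) == "Cf" or any(lo <= cp <= hi for lo, hi in VARIATION_SELECTORS)


def find_invisible_runs(text, min_run=1):
    """Return (line, column, run_length) for each run of invisible characters."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        col = 0
        while col < len(line):
            if not is_invisible(line[col]):
                col += 1
                continue
            end = col
            while end < len(line) and is_invisible(line[end]):
                end += 1
            # A single leading U+FEFF is an ordinary byte-order mark, not a payload.
            bom = line_no == 1 and col == 0 and line[col:end] == "\ufeff"
            if end - col >= min_run and not bom:
                hits.append((line_no, col + 1, end - col))
            col = end
    return hits


def scan_tree(root, suffixes=(".js", ".ts", ".json")):
    """Scan source files under root; return {path: hits} for files with findings."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            hits = find_invisible_runs(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    for name, hits in scan_tree(sys.argv[1]).items():
        for line_no, col, length in hits:
            print(f"{name}:{line_no}:{col}: {length} invisible code point(s)")
```

Point it at the directory where VS Code keeps installed extensions (by default `~/.vscode/extensions`) and review each hit by hand, since a lone variation selector after an emoji in a string is harmless while a long run inside source code is not.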
What Happened In This Third Attack?
In this third incident, researchers have discovered 24 more malicious VS Code packages. The new extensions all pretended to be something useful, such as tools for React, Flutter, YAML file editing, themes and icons.
When users install these extensions, Glassworm can:
- Establish a covert link between the hacker's server and the user's computer
- Take control of the user's computer
- Serve as a means for the hacker to route hidden data through the user's computer
And what's more concerning is that VS Code does not require manual intervention to update these extensions. Thus, it is possible for hackers to push their software to machines without alerting their users.
What Can Be Done To Prevent This From Happening
You should take the following preventative measures:
- Examine your installed extensions and delete anything questionable
- Disable auto-updating of extensions
- Install only reputable and established extensions
- Stay current with your industry and check security information regularly
After reading about this issue, I have reviewed my editor and want to prevent hackers from making use of my personal device.