The GlassWorm malware campaign has resurfaced, targeting the OpenVSX ecosystem with 73 "sleeper" extensions that initially appear harmless but deliver malicious payloads after updates. Researchers have confirmed that six of these extensions are already distributing malware, while the rest are suspected to be dormant. Developers who have installed any of these extensions need to stay vigilant and rotate their secrets.
The resurgence of GlassWorm through 73 "sleeper" OpenVSX extensions underscores how supply chain attacks are evolving: seemingly benign extensions turn malicious after updates. Security teams should rigorously monitor and audit code repositories and installed extensions so that suspicious activity is identified and mitigated promptly.
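One way to audit for the "benign first, malicious after an update" pattern described above is to snapshot installed extensions and diff each later scan against a reviewed baseline. This is an added example, not code from the researchers or from OpenVSX. It assumes the editor keeps one unpacked folder per extension with a `package.json` holding `publisher`, `name` and `version`; the function names and the extension IDs in the demo are constructed placeholders, not the campaign's real identifiers.

```python
import json
from pathlib import Path

def inventory(ext_dir):
    """Map 'publisher.name' -> version for each unpacked extension folder."""
    found = {}
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
            ext_id = f"{meta['publisher']}.{meta['name']}".lower()
            found[ext_id] = str(meta["version"])
        except (OSError, ValueError, KeyError, TypeError):
            # A manifest that cannot be parsed is reported, never skipped silently.
            found[f"unparsed:{manifest.parent.name}"] = "?"
    return found

def audit(current, baseline, blocklist=()):
    """Compare a scan with the reviewed baseline and a list of known-bad IDs."""
    blocked = {b.lower() for b in blocklist}
    findings = []
    for ext_id, version in sorted(current.items()):
        if ext_id in blocked:
            findings.append(("BLOCKLISTED", ext_id, version))
        elif ext_id not in baseline:
            findings.append(("NEW", ext_id, version))
        elif baseline[ext_id] != version:
            # A silent version bump is the moment a sleeper extension would change.
            findings.append(("UPDATED", ext_id, f"{baseline[ext_id]} -> {version}"))
    for ext_id in sorted(set(baseline) - set(current)):
        findings.append(("REMOVED", ext_id, baseline[ext_id]))
    return findings

if __name__ == "__main__":
    import sys, tempfile
    if len(sys.argv) > 1:  # usage: audit.py <extensions dir> [baseline.json]
        base = json.loads(Path(sys.argv[2]).read_text()) if len(sys.argv) > 2 else {}
        results = audit(inventory(sys.argv[1]), base)
    else:  # constructed demo data; IDs are placeholders
        with tempfile.TemporaryDirectory() as d:
            for pub, name, ver in [("acme", "theme", "1.0.1"), ("acme", "linter", "2.0.0")]:
                folder = Path(d, f"{pub}.{name}-{ver}")
                folder.mkdir()
                manifest = {"publisher": pub, "name": name, "version": ver}
                (folder / "package.json").write_text(json.dumps(manifest))
            results = audit(inventory(d), {"acme.theme": "1.0.0"}, ["acme.linter"])
    for finding in results:
        print(*finding)
```

Update the baseline only after the reported changes have been reviewed, and populate the blocklist from the extension IDs published by the researchers.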