Updated · InfoWorld · Apr 29
Threat actor uploads 73 more fraudulent extensions to Open VSX to infect supply chains
  • Socket identified 73 new malicious extensions, with 14 activated, targeting developers via the Open VSX marketplace. The Eclipse Foundation has been notified and is expected to have removed all 73 extensions.
  • These extensions impersonate trusted developer tools, evade malware scanners with benign code, and later download GlassWorm malware to steal credentials. The campaign exploits weak security controls in IDE extension management.
  • Experts warn that targeting VS Code extensions is a growing threat due to lack of integrity verification and security policies. Developers and organizations are urged to audit, restrict, and monitor extension installations to reduce exposure.