CheckMarx has spotted new VS Code extensions spreading GlassWorm, in what appears to be the umpteenth flare-up of this campaign
https://checkmarx.com/zero-post/glassworm-targets-developer-ides-again-hiding-staged-malware-behind-runtime-rebuilt-loaders/acc
Catalin Cimpanu
npub1tq…3aefw
2026-04-02 12:56:17 UTC
Author Public Key
npub1tqfukrqgh928vktkl6vx063ck2c4yn3ek8m44v3txfhztqe65anq63aefwSeen on
wss://relay.ditto.pubPublished at
2026-04-02 12:56:17 UTCEvent JSON
{
"id": "c875721d0bd5273dbc15d5199b41da0d7c83cb46825f375b01155ee588e1666e",
"pubkey": "5813cb0c08b954765976fe9867ea38b2b1524e39b1f75ab22b326e25833aa766",
"created_at": 1775134577,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/campuscodi/statuses/116335219696533195",
"activitypub"
],
[
"client",
"Mostr",
"31990:6be38f8c63df7dbf84db7ec4a6e6fbbd8d19dca3b980efad18585c46f04b26f9:mostr",
"wss://relay.ditto.pub"
]
],
"content": "CheckMarx has spotted new VS Code extensions spreading GlassWorm, in what appears to be the umpteenth flare-up of this campaign\n\nhttps://checkmarx.com/zero-post/glassworm-targets-developer-ides-again-hiding-staged-malware-behind-runtime-rebuilt-loaders/acc",
"sig": "f92ba4cc3cb6822713a65f9b8f057a2e5a5f9f10efd9a488cd9c4f63275f4d50ad649a6db38dc9294fb9dab79b0e6e45dc1a624ad057d5d2c4ea2136e6fe11fa"
}