
"The extension itself acts as a thin loader. By shifting critical logic outside of what tools typically scan, and spreading it across multiple delivery mechanisms, the threat actor increases the likelihood of evading detection."
"Of the 73 new extensions seen by Socket, last week, six were activated to connect to sources of malware. This week, eight more were activated, Burckhardt said in an interview."
Researchers at Socket reported that 73 new fraudulent extensions, designed to download GlassWorm malware, were added to the Open VSX code marketplace. This marks a significant escalation in the threat actor's activity, following the addition of 72 malicious extensions the previous month. The extensions impersonate trusted developer tools and contain benign code to evade detection. They connect to public accounts to download malware updates. Socket has notified the Eclipse Foundation about these fraudulent extensions, which are aimed at compromising software supply chains.
Read at InfoWorld