GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
2 December 2025 at 15:01:00
thehackernews.com
The GlassWorm supply chain campaign has returned with 24 malicious extensions infiltrating Microsoft Visual Studio Marketplace and Open VSX. These extensions impersonate popular developer tools and frameworks including Flutter, React, Tailwind, Vim, and Vue. The campaign was first documented in October 2025 and utilizes the Solana blockchain for command-and-control communications. The malware targets developers by disguising itself as legitimate development tools to harvest npm credentials and potentially compromise development environments.
Related CVEs:
No CVEs found in this article
Related threat actors:
GLASSWORM
Affected products:
Microsoft Visual Studio Marketplace, Open VSX, Flutter, React, Tailwind, Vim, Vue
IOCs:
No IOCs found in this article
