Attackers are using transitive dependencies to turn benign developer tools into malware. 🛡️
Supply-Chain Alert · GlassWorm campaign targets developers via Open VSX registry.
Cybersecurity researchers have flagged a significant escalation in the GlassWorm campaign in the last 24 hours. Threat actors are now abusing extension packs and dependencies in the Open VSX registry to deliver malicious loaders. Instead of embedding malware directly, they use standalone-looking extensions to pull in separate malicious packages.
At least 72 malicious extensions have been identified since late January. This technique allows the initial package to appear benign to standard scanners, only triggering the infection once the developer installs the full transitive dependency chain.
The uncomfortable truth: Your developers’ productivity tools are the most trusted and least scrutinized entry point for high-privilege access into your production environment.
→ Audit developer workstations for unauthorized or community-managed Open VSX extensions.
→ Enforce a policy of using only verified or internally mirrored extension registries.
→ Monitor for unusual outbound network activity originating from IDE processes and developer tools.
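One way to act on the first recommendation is to inventory the extensions installed on a workstation and expand the chain each one pulls in through its manifest, so a benign-looking pack that drags in an unapproved package stands out. The script below is an added example, not code from the post or from any named project. It relies on two real fields of the VS Code extension manifest (package.json), `extensionPack` and `extensionDependencies`, and assumes the usual layout of one folder per extension under the editor's extensions directory (for example `~/.vscode/extensions` or `~/.vscode-oss/extensions`). The sample manifests, publisher names and allowlist are constructed for the demonstration.

```python
"""Audit VS Code-compatible extension manifests for transitive pulls.

Expands the chain that extensionPack / extensionDependencies cause the editor
to install and reports anything not on a local allowlist.  Run with no
arguments to use the constructed sample below, or pass the path of a real
extensions directory (e.g. ~/.vscode-oss/extensions) to audit a workstation.
"""
import json
from pathlib import Path
from typing import Dict, List, Set

# Real manifest fields that make the editor install other extensions.
CHAIN_FIELDS = ("extensionPack", "extensionDependencies")


def load_manifests(ext_root: str) -> Dict[str, dict]:
    """Read <ext_root>/*/package.json into {"publisher.name": manifest}."""
    manifests: Dict[str, dict] = {}
    for pkg in Path(ext_root).glob("*/package.json"):
        try:
            data = json.loads(pkg.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip it rather than abort the audit
        ext_id = f"{data.get('publisher', '?')}.{data.get('name', '?')}".lower()
        manifests[ext_id] = data
    return manifests


def direct_pulls(manifest: dict) -> List[str]:
    """Extension ids this manifest asks the editor to install alongside it."""
    ids: List[str] = []
    for field in CHAIN_FIELDS:
        ids.extend(str(x).lower() for x in (manifest.get(field) or []))
    return ids


def resolve_chain(ext_id: str, manifests: Dict[str, dict]) -> Set[str]:
    """Everything ext_id transitively pulls in (excluding itself).

    Ids with no local manifest are kept on purpose: they are exactly what the
    editor would fetch from the registry when the chain is installed.
    """
    seen: Set[str] = set()
    stack = direct_pulls(manifests.get(ext_id, {}))
    while stack:
        dep = stack.pop()
        if dep == ext_id or dep in seen:
            continue  # cycle guard
        seen.add(dep)
        stack.extend(direct_pulls(manifests.get(dep, {})))
    return seen


def audit(manifests: Dict[str, dict], allowlist: Set[str]) -> Dict[str, List[str]]:
    """Map each installed extension to the transitive pulls not on the allowlist."""
    allow = {a.lower() for a in allowlist}
    findings: Dict[str, List[str]] = {}
    for ext_id in manifests:
        unapproved = sorted(d for d in resolve_chain(ext_id, manifests) if d not in allow)
        if unapproved:
            findings[ext_id] = unapproved
    return findings


# Constructed sample: publisher names, extension ids and allowlist are made up.
SAMPLE_MANIFESTS = {
    "acme.theme-bundle": {"publisher": "acme", "name": "theme-bundle",
                          "extensionPack": ["acme.dark-theme", "acme.icons"]},
    "acme.dark-theme": {"publisher": "acme", "name": "dark-theme"},
    "acme.icons": {"publisher": "acme", "name": "icons",
                   "extensionDependencies": ["unknown-pub.loader"]},
    "acme.linter": {"publisher": "acme", "name": "linter"},
}
SAMPLE_ALLOWLIST = {"acme.theme-bundle", "acme.dark-theme", "acme.icons", "acme.linter"}

if __name__ == "__main__":
    import sys
    manifests = load_manifests(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_MANIFESTS
    for ext, pulls in audit(manifests, SAMPLE_ALLOWLIST).items():
        print(f"{ext}: pulls in unapproved {pulls}")
```

In the sample, `acme.theme-bundle` looks harmless on its own, but the chain resolves through `acme.icons` to `unknown-pub.loader`, which is reported against both the bundle and the icons pack. On a real machine, feed the allowlist from your approved or internally mirrored registry and run the script as part of workstation compliance checks.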
#Cybersecurity #SupplyChain #DevSecOps #AppSec #SOC #CodeDefence
