GlassWorm supply chain attack campaign expands further

Dozens of malicious Open VSX extensions and over 150 GitHub compromised repositories have been used as part of the intensified GlassWorm supply chain attack campaign, reports The Hacker News.

At least 72 more illicit Open VSX extensions spoofing popular utilities since the end of January have been converted into transitive delivery vehicles for malware, enabling GlassWorm hackers to distribute nefarious payloads in subsequent updates without modifications to the extensions' initial purpose, according to an analysis from Socket researchers.

Meanwhile, another report from Aikido revealed intrusions between Mar. 3 and Mar. 9 that involved the injection of invisible payload-encoding Unicode characters into 151 GitHub repositories, as well as a pair of npm packages. Malicious injections were noted by Aikido researcher Ilyas Makari to have been integrated into version changes, documentation tweaks, minor refractors, and vulnerability fixes tailored for every project.

"This level of project-specific tailoring strongly suggests the attackers are using large language models to generate convincing cover commits," said Makari.