Visual Studio Code Extensions Compromised in GlassWorm Campaign Targeting GitHub and Cryptocurrency Wallets
Cybersecurity firm Koi Security has identified a sophisticated malware campaign that targets Visual Studio Code extensions and steals credentials for GitHub, Open VSX, and cryptocurrency wallets. The malware uses invisible Unicode characters to evade detection and leverages the Solana blockchain as its command-and-control infrastructure. Seven extensions were reinfected on October 17, accumulating 35,800 downloads, with ten infected extensions remaining publicly available.
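
Code hidden with invisible Unicode characters does not show up in an editor or a diff view, but it is visible to a scanner that works on code points. The following is an added example, not code from the report or from Koi Security: a JavaScript function that reports runs of non-rendering code points in extension source text. The code point ranges, the function names and the sample input are assumptions made for this example; the page does not say which characters the campaign used.

```javascript
// Added example (not Koi Security's tooling). The ranges are a general set of
// non-rendering code points chosen here (assumption); the page names none.
const INVISIBLE_RANGES = [
  [0x00AD, 0x00AD, "soft hyphen"],
  [0x200B, 0x200F, "zero-width or directional mark"],
  [0x202A, 0x202E, "bidi embedding or override"],
  [0x2060, 0x2064, "word joiner or invisible operator"],
  [0x2066, 0x2069, "bidi isolate"],
  [0xFE00, 0xFE0F, "variation selector"],
  [0xFEFF, 0xFEFF, "zero-width no-break space"],
  [0xE0000, 0xE007F, "tag character"],
  [0xE0100, 0xE01EF, "variation selector supplement"],
];

function classify(cp) {
  const hit = INVISIBLE_RANGES.find(([lo, hi]) => cp >= lo && cp <= hi);
  return hit ? hit[2] : null;
}

// One finding per run of consecutive invisible code points that is at least
// minRun long. A single U+FE0F after an emoji is normal; long runs are not.
function findInvisibleRuns(source, minRun = 1) {
  const findings = [];
  let line = 1, column = 1, run = null;
  const flush = () => {
    if (run && run.length >= minRun) findings.push({ ...run, kinds: [...run.kinds].sort() });
    run = null;
  };
  // Drop a leading byte-order mark, which is legitimate at offset 0.
  const text = source.startsWith("\uFEFF") ? source.slice(1) : source;
  for (const ch of text) { // iterates by code point, not UTF-16 unit
    const kind = classify(ch.codePointAt(0));
    if (kind) {
      run = run || { line, column, length: 0, kinds: new Set() };
      run.length += 1;
      run.kinds.add(kind);
    } else {
      flush();
    }
    if (ch === "\n") { line += 1; column = 1; } else { column += 1; }
  }
  flush();
  return findings;
}

// Constructed sample: line 1 has an emoji with one U+FE0F, line 2 hides six
// invisible code points inside a string literal.
const hidden = String.fromCodePoint(0xE0100, 0xE0101, 0xFE00, 0xFE01, 0x200B, 0x200B);
const SAMPLE = ["const label = 'ok \u2764\uFE0F';", "const data = '" + hidden + "';"].join("\n");
console.log(findInvisibleRuns(SAMPLE, 4));
```

Raising `minRun` trades sensitivity for fewer hits on ordinary emoji and joiner sequences; line and column are counted in code points, starting at 1.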