A supply-chain attack named GlassWorm is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces, leading to an estimated 35,800 installations of self-spreading malware. Utilizing invisible characters to hide its code, GlassWorm steals credentials and cryptocurrency wallet information, while employing the Solana blockchain for command-and-control, making it challenging to dismantle. Researchers have identified multiple infected extensions and warn of the malware's sophisticated nature, marking it as a significant threat to developer environments.