The Glassworm malware campaign has resurfaced with 24 new malicious packages on OpenVSX and the Microsoft Visual Studio Marketplace. This malware uses hidden code to steal developer credentials and cryptocurrency data while providing remote access to attackers. Despite prior containment efforts, it continues to evade detection and reappear on these platforms.

A supply-chain attack named GlassWorm is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces, leading to an estimated 35,800 installations of self-spreading malware. Utilizing invisible characters to hide its code, GlassWorm steals credentials and cryptocurrency wallet information, while employing the Solana blockchain for command-and-control, making it challenging to dismantle. Researchers have identified multiple infected extensions and warn of the malware's sophisticated nature, marking it as a significant threat to developer environments.