Researchers found two harmful VS Code extensions that appear as AI coding assistants but secretly send user data to servers in China. With over 1.5 million installs, they capture file content and modifications without user consent, while also incorporating analytics SDKs to track users.

A supply-chain attack named GlassWorm is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces, leading to an estimated 35,800 installations of self-spreading malware. Utilizing invisible characters to hide its code, GlassWorm steals credentials and cryptocurrency wallet information, while employing the Solana blockchain for command-and-control, making it challenging to dismantle. Researchers have identified multiple infected extensions and warn of the malware's sophisticated nature, marking it as a significant threat to developer environments.