Bleepingcomputer
GlassWorm Malware Resurfaces in Open VSX Extensions Following Token Leak
First seen 1 Dec 2025, 20:43 UTC
•



+5
•69% similarity
•30.3
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
The Open VSX registry faced a supply chain attack after access tokens were leaked, allowing threat actors to publish malicious extensions. The GlassWorm malware campaign has returned with new extensions targeting developers' credentials and cryptocurrency wallets, leveraging obfuscation techniques to evade detection. Over 10,000 downloads of the new malicious extensions have been reported.
ThreatCluster AI