URGENT UPDATE: A dangerous new wave of malware, dubbed GlassWorm, is now targeting macOS devices through compromised extensions on the OpenVSX marketplace. Security researchers from Socket have confirmed the discovery of four malicious extensions capable of stealing sensitive browser data, cryptocurrency wallet information, and Apple keychain details. This alarming development follows a previous campaign that hit the official Visual Studio Code marketplace.
The malicious extensions were downloaded a staggering 22,000 times before being identified. They were updated on January 30, 2023, after remaining legitimate for nearly two years. Users of popular browsers like Firefox and Chromium are at significant risk, as the malware harvests data from these applications and exfiltrates it to an attacker-controlled server.
Experts indicate that the malware campaign specifically targets macOS systems while excluding Russian-locale devices, suggesting a possible link to Russian attackers. The compromised extensions include:
– oorzc.ssh-tools v0.5.1
– oorzc.i18n-tools-plus v1.6.8
– oorzc.mind-map v1.0.61
– oorzc.scss-to-css-compile v1.3.4
Following the discovery, Socket alerted the Eclipse Foundation, which operates the OpenVSX platform. Tokens for the malicious extensions have since been revoked, and the harmful releases were removed. However, users who downloaded these extensions are urged to take immediate action to protect their data. This includes removing the extensions, scanning their systems for malware remnants, and rotating their credentials to mitigate risks.
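One way to check a workstation for the four extensions listed above, as an added example that is not code from Socket, the Eclipse Foundation or the original article. The extension directories and the `<publisher>.<name>-<version>` folder naming are assumptions about common VS Code-compatible editors, and `LISTED`, `DEFAULT_DIRS`, `identify` and `audit` are names chosen for this example.

```python
import json
import re
from pathlib import Path

# Extension IDs and versions exactly as listed in the article.
LISTED = {
    "oorzc.ssh-tools": "0.5.1",
    "oorzc.i18n-tools-plus": "1.6.8",
    "oorzc.mind-map": "1.0.61",
    "oorzc.scss-to-css-compile": "1.3.4",
}

# Assumption: common per-user extension directories of VS Code-compatible
# editors; adjust for the editors actually in use.
DEFAULT_DIRS = [Path.home() / d / "extensions"
                for d in (".vscode", ".vscode-oss", ".cursor", ".windsurf")]

# Assumption: folder names look like "<publisher>.<name>-<version>[-<platform>]".
FOLDER_RE = re.compile(r"^(?P<id>[^.]+\..+?)-(?P<ver>\d+\.\d+\.\d+)(?:-.+)?$")

def identify(folder):
    """Return (extension_id, version), preferring the manifest over the folder name."""
    try:
        manifest = json.loads((folder / "package.json").read_text(encoding="utf-8"))
        return (f"{manifest['publisher']}.{manifest['name']}".lower(),
                str(manifest["version"]))
    except (OSError, ValueError, KeyError, TypeError):
        m = FOLDER_RE.match(folder.name.lower())
        return (m["id"], m["ver"]) if m else (None, None)

def audit(ext_dirs=DEFAULT_DIRS):
    """Return (path, id, version, verdict) for every installed copy of a listed extension."""
    findings = []
    for root in ext_dirs:
        if not root.is_dir():
            continue
        for folder in sorted(p for p in root.iterdir() if p.is_dir()):
            ext_id, version = identify(folder)
            if ext_id in LISTED:
                verdict = "listed-version" if version == LISTED[ext_id] else "other-version"
                findings.append((str(folder), ext_id, version, verdict))
    return findings

if __name__ == "__main__":
    for path, ext_id, version, verdict in audit():
        print(f"{verdict}: {ext_id} {version} at {path}")
```

A `listed-version` result matches a release named in the article; an `other-version` result is the same extension ID at a version the article does not list.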
The implications are severe. As developers increasingly rely on open-source tools, the success of this campaign highlights the vulnerabilities within these ecosystems. Users must stay vigilant and proactive in safeguarding their systems against potential threats.
For those affected, cleaning up after such attacks is crucial. Authorities recommend utilizing trusted antivirus solutions to ensure complete system integrity. As this story develops, users are encouraged to remain informed and share this critical information with peers to prevent further breaches.
