“payload, which is a VSIX extension that's retrieved from GitHub and installed into every IDE identified in the system, including VS Code, Cursor, Windsurf, and VSCodium, using the "--install-extension" command. Irrespective of the method used, the end goal is the same: r…”
T1195.001 Compromise Software Dependencies and Development Tools
93%
“buddies - cubedivervolt. html - code - validate - winnerdomain17. version - lens - tool The cloned sleepers, besides typosquatting the names of the original packages (ceintl.vscode-language-pack-tr vs. emotionkyoseparate.turkish-language-pack), use the same icon and…”
T1176.002 IDE Extensions
85%
“Researchers uncover 73 fake VS Code extensions delivering GlassWorm v2 malware Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed Gl…”
T1176 Software Extensions
72%
“payload, which is a VSIX extension that's retrieved from GitHub and installed into every IDE identified in the system, including VS Code, Cursor, Windsurf, and VSCodium, using the "--install-extension" command. Irrespective of the method used, the end goal is the same: r…”
T1195.001 Compromise Software Dependencies and Development Tools
64%
“Researchers uncover 73 fake VS Code extensions delivering GlassWorm v2 malware Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed Gl…”
T1176 Software Extensions
56%
“Researchers uncover 73 fake VS Code extensions delivering GlassWorm v2 malware Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed Gl…”
T1176.002 IDE Extensions
43%
“buddies - cubedivervolt. html - code - validate - winnerdomain17. version - lens - tool The cloned sleepers, besides typosquatting the names of the original packages (ceintl.vscode-language-pack-tr vs. emotionkyoseparate.turkish-language-pack), use the same icon and…”
Summary
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm.
The cluster of 73 extensions has been identified as cloned versions of their legitimate counterparts. Of these, six have been confirmed to be malicious, with the remaining acting as seemingly