Cybersecurity researchers have uncovered a set of three extensions associated with the GlassWorm campaign, highlighting persistent threats aimed at the Visual Studio Code (VS Code) ecosystem. The first extension, ai-driven-dev.ai-driven-dev, has recorded 3,402 downloads, while the second, adhamu.history-in-sublime-merge, has garnered 4,057 downloads. The presence of these extensions remains a concern for developers, as their availability increases the risk of malware exploitation. Continued monitoring and assessment of these extensions are imperative to safeguard users and maintain the integrity of the VS Code platform.
The ongoing attempts by threat actors to compromise development environments illustrate the evolving landscape of cyber threats. By targeting popular tools like VS Code, attackers aim to leverage trusted resources for malicious activities. As such, developers are advised to exercise caution in reviewing and installing extensions from uncertain origins. This incident serves as a reminder of the necessity for robust security practices and vigilance in the software development community.
👉 Pročitaj original: The Hacker News
