VERY IMPORTANT

GlassWorm is a groundbreaking self-propagating worm targeting VS Code extensions on OpenVSX marketplace. It employs invisible Unicode characters to conceal malicious code and utilizes a blockchain-based command and control infrastructure on Solana. The worm compromised seven OpenVSX extensions with 35,800 downloads, harvesting NPM, GitHub, and Git credentials, targeting cryptocurrency wallets, deploying SOCKS proxy servers, and installing hidden VNC servers. It spreads exponentially through the developer ecosystem using stolen credentials. The worm employs a triple-layer C2 setup involving Solana blockchain, direct IP connection, and Google Calendar. A new infected extension was also detected in Microsoft's VSCode marketplace. The campaign remains active, necessitating immediate security measures and audits of installed extensions.