{"id":226264,"date":"2025-12-02T00:32:51","date_gmt":"2025-12-02T06:32:51","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/12\/glassworm-malware-returns-in-third-wave-of-malicious-vs-code-packages"},"modified":"2025-12-02T00:32:51","modified_gmt":"2025-12-02T06:32:51","slug":"glassworm-malware-returns-in-third-wave-of-malicious-vs-code-packages","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/12\/glassworm-malware-returns-in-third-wave-of-malicious-vs-code-packages","title":{"rendered":"Glassworm malware returns in third wave of malicious VS Code packages"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/glassworm-malware-returns-in-third-wave-of-malicious-vs-code-packages.jpg\"><\/a><\/p>\n<p>The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms.<\/p>\n<p>OpenVSX and the Microsoft Visual Studio Marketplace are both extension repositories for VS Code\u2013compatible editors, used by developers to install language support, frameworks, tooling, themes, and other productivity add-ons.<\/p>\n<p>The Microsoft marketplace is the official platform for Visual Studio Code, while OpenVSX is an open, vendor-neutral alternative used by editors who can\u2019t or don\u2019t use Microsoft\u2019s proprietary store.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. OpenVSX and the Microsoft Visual Studio Marketplace are both extension repositories for VS Code\u2013compatible editors, used by developers to install language support, frameworks, tooling, [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-226264","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/226264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=226264"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/226264\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=226264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=226264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=226264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}