The GlassWorm threat has caused more supply chain chaos, this time by contaminating software components with thousands of downstream users. Last week, researchers from the application security company Socket described a supply chain attack that used Trojanized versions of four genuine components distributed through the Open VSX registry.

On January 30, Socket reported the attack to the Eclipse Foundation and Open VSX, and the malicious versions of each component were promptly removed. Even though everyone involved acted quickly, it is hard to estimate how many victims might have fallen between the cracks. Organizations that downloaded a compromised extension should rotate their credentials, particularly those tied to cloud or developer accounts.

Additionally, they should audit recent GitHub activity and check their CI configurations and release jobs for tampering. Consider it a credential exposure event if you installed any of the extensions mentioned in the IOC section. "Delete its on-disk artifacts and remove the extension," Boychenko wrote.

Dark Reading asked Socket for more details. "On macOS, check for persistence under ~/Library/LaunchAgents, including unfamiliar plists such as com.user.nodestart.plist, and investigate suspicious runtime paths that reference /tmp/ijewf or /tmp/out.zip."
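The macOS persistence check described above, as an added example that is not Socket's or Dark Reading's code: a POSIX shell function that scans a LaunchAgents directory for the indicator plist name and the /tmp paths named in the article. The function names, the directory argument and the sample plists the demo builds are assumptions for illustration; the indicators themselves are the ones quoted above.

```shell
#!/bin/sh
# Added example (not Socket's or Dark Reading's code): scan a LaunchAgents
# directory for the persistence indicators named in the article.
# Indicators taken from the article: the plist name com.user.nodestart.plist
# and runtime paths referencing /tmp/ijewf or /tmp/out.zip.
# Usage on a real host: scan_launchagents "$HOME/Library/LaunchAgents"

IOC_PLIST="com.user.nodestart.plist"
IOC_PATHS="/tmp/ijewf /tmp/out.zip"

# Prints one line per hit ("<reason><TAB><file>").
# Returns 0 if any indicator matched, 1 if the directory is clean or missing.
scan_launchagents() {
    dir="$1"
    hits=0
    [ -d "$dir" ] || return 1
    for f in "$dir"/*.plist; do
        [ -f "$f" ] || continue
        base=$(basename "$f")
        # Indicator 1: the known-bad plist filename itself.
        if [ "$base" = "$IOC_PLIST" ]; then
            printf 'ioc-filename\t%s\n' "$f"
            hits=$((hits + 1))
        fi
        # Indicator 2: any plist whose program/arguments reference the IOC paths.
        for p in $IOC_PATHS; do
            if grep -q -- "$p" "$f" 2>/dev/null; then
                printf 'ioc-path %s\t%s\n' "$p" "$f"
                hits=$((hits + 1))
            fi
        done
    done
    [ "$hits" -gt 0 ]
}

# Constructed demo data (assumption, not a real capture): a temporary
# LaunchAgents directory holding one benign plist and one shaped like the
# indicator. Echoes the directory path so callers can scan and then delete it.
make_demo_dir() {
    d=$(mktemp -d)
    cat > "$d/com.example.benign.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.benign</string>
  <key>ProgramArguments</key><array><string>/usr/bin/true</string></array>
</dict></plist>
EOF
    cat > "$d/com.user.nodestart.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.user.nodestart</string>
  <key>ProgramArguments</key><array><string>/tmp/ijewf/node</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>
EOF
    printf '%s\n' "$d"
}

demo=$(make_demo_dir)
scan_launchagents "$demo" || echo "no indicators found"
rm -rf "$demo"
```

The filename check catches the exact plist the article names; the path check catches a renamed plist that still points at the same staging directory. Treat a hit as confirmation of the credential exposure event described above, not as the end of the investigation: an unfamiliar plist that matches neither indicator still warrants a look at the binary its ProgramArguments points to.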