The extensions feature a clear impersonation pattern: they mirror the legitimate listings of the cloned extensions, including icons, naming, and description, but under a different publisher and unique identifier.

“This is the core social engineering pattern behind the latest GlassWorm cluster: cloned listings create enough visual trust to attract installs before any malware is introduced,” Socket notes.

The malware delivery method implemented by these extensions is a combination of previously observed mechanisms: some rely on bundled native binaries, including components from previous GlassWorm attacks, while others retrieve the payload from a remote location.

“The extension’s source code alone no longer reflects the behavior that ultimately runs. By shifting critical logic outside of what tools typically scan, and spreading it across multiple delivery mechanisms, the threat actor increases the likelihood of evading detection,” Socket notes.
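The two observations above, cloned listings published under a different identifier and payloads carried as bundled native binaries rather than in the extension's JavaScript, both lend themselves to a simple inventory check. The script below is an added example written for this article; it is not Socket's tooling or code from the campaign. It compares a set of installed extension manifests against a list of trusted listings and flags any extension whose display name matches a trusted one while its `publisher.name` identifier differs, and it reports files inside the extension that start with an ELF, PE or Mach-O header. All publisher names, extension names and file contents are constructed placeholders, not real marketplace listings.

```python
"""Flag lookalike extensions and bundled native binaries in an extension inventory.

Added example. The manifests and file headers below are constructed sample data
(placeholder publishers and names), not real marketplace listings.
"""
from dataclasses import dataclass

# Leading bytes of common native executable formats (ELF, Windows PE, Mach-O).
NATIVE_MAGIC = {
    b"\x7fELF": "ELF",
    b"MZ": "PE",
    b"\xcf\xfa\xed\xfe": "Mach-O 64",
    b"\xfe\xed\xfa\xcf": "Mach-O 64 (BE)",
    b"\xca\xfe\xba\xbe": "Mach-O fat",
}


@dataclass
class Extension:
    publisher: str
    name: str
    display_name: str
    description: str
    files: dict  # path -> first bytes of the file (constructed here)

    @property
    def identifier(self) -> str:
        # Marketplace-style unique identifier: <publisher>.<name>
        return f"{self.publisher}.{self.name}"


def normalise(text: str) -> str:
    """Case- and whitespace-insensitive form used for listing comparisons."""
    return " ".join(text.lower().split())


def native_binaries(ext: Extension) -> list:
    """Return (path, format) for every bundled file with a native executable header."""
    hits = []
    for path, head in ext.files.items():
        for magic, kind in NATIVE_MAGIC.items():
            if head.startswith(magic):
                hits.append((path, kind))
                break
    return hits


def find_lookalikes(installed: list, trusted: list) -> list:
    """Flag installed extensions that mirror a trusted listing under another identifier."""
    trusted_by_display = {}
    for t in trusted:
        trusted_by_display.setdefault(normalise(t.display_name), []).append(t)

    findings = []
    for ext in installed:
        for t in trusted_by_display.get(normalise(ext.display_name), []):
            if t.identifier == ext.identifier:
                continue  # the genuine extension itself, not a clone
            findings.append({
                "installed": ext.identifier,
                "impersonates": t.identifier,
                "same_description": normalise(ext.description) == normalise(t.description),
                "native_binaries": native_binaries(ext),
            })
    return findings


# Constructed sample inventory (placeholders, not real extensions).
TRUSTED = [
    Extension("example-publisher", "code-helper", "Code Helper",
              "Helps you write code faster.", {}),
]
INSTALLED = [
    # The genuine listing: same identifier, no finding expected.
    Extension("example-publisher", "code-helper", "Code Helper",
              "Helps you write code faster.", {"extension.js": b"const vscode"}),
    # A clone: identical display name and description, different publisher,
    # and a bundled ELF binary alongside the JavaScript entry point.
    Extension("lookalike-pub", "code-helper", "Code  Helper",
              "Helps you write code faster.",
              {"extension.js": b"const vscode", "bin/helper": b"\x7fELF\x02\x01\x01"}),
    # Unrelated extension with a different name: no finding expected.
    Extension("other-pub", "theme-pack", "Theme Pack", "Colour themes.", {}),
]


def run_inventory_check() -> list:
    return find_lookalikes(INSTALLED, TRUSTED)


if __name__ == "__main__":
    for finding in run_inventory_check():
        print(finding)
```

In practice the `trusted` list would come from the organisation's approved-extension allowlist and `files` from reading the first few bytes of each file under the extension's install directory; the check catches the visual-clone pattern the article describes but does not analyse what a remote payload fetch would do at runtime.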


Related: Bitwarden NPM Package Hit in Supply Chain Attack

Related: Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data

Related: ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

Related: European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack


Ionut Arghire is an international correspondent for SecurityWeek.


Source: SecurityWeek