InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

This popular Chrome extension just got flagged for malware

Google has just blocked one of our favorite Chrome extensions for apparently containing malware. So what actually happened?
Dark Reading

GlassWorm Malware Evolves to Hide in Dependencies

The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research.

Google's oversight on its web store let malware run unchecked for 1 year

Google just disabled a popular extension (Save image as Type) and removed it from the Chrome web store because it contains malware.

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
9to5Google

Your favorite image-saving Chrome extension was scraping your data for cash

Seemingly out of nowhere, the “Save image as Type” Chrome extension was marked for removal, with Google warning users ...