🦠 Malware Hides in Your Code Editor & 9 Million Hit by Fake Boots Emails
Two threats making the rounds today deserve your attention: one targets software developers through their own tools, and the other shows how a single hacked server can put millions of inboxes at risk.
🦠 GlassWASM: Malware Sneaks Into VS Code Extensions via the Blockchain
Researchers at Socket discovered a devious new malware campaign called GlassWASM hiding inside two fake extensions published to Open VSX — a popular marketplace for VS Code-compatible editors used by millions of developers worldwide. What makes this attack especially sneaky: the malicious code is compiled into WebAssembly (a low-level binary format), making it far harder to detect than ordinary JavaScript. Even more clever, the malware receives its instructions by reading messages hidden inside Solana blockchain transaction memos — a completely legitimate channel that most security tools would never flag as suspicious.
The fake extensions impersonated real, trusted tools and were live for nearly two weeks before being removed. If you installed any VS Code or VSCodium extensions from Open VSX recently, this is a good time to audit your list. Developers should treat extension installs with the same caution as installing any other software — only install from verified publishers you recognize.
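One way to run the audit suggested above, as an added example that is not from Socket or the original post: it lists every installed extension with its publisher and flags any that bundle a WebAssembly binary, identified by its magic bytes rather than its file name. The function names are hypothetical, and the two directories are assumed to be the default per-user extension folders for VS Code and VSCodium.

```python
import json
import os
from pathlib import Path

WASM_MAGIC = b"\x00asm"  # first four bytes of every WebAssembly binary module
# Assumed default per-user extension folders (VS Code, VSCodium).
DEFAULT_ROOTS = [Path.home() / ".vscode" / "extensions",
                 Path.home() / ".vscode-oss" / "extensions"]


def is_wasm(path):
    """True if the file starts with the WebAssembly magic, whatever it is named."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == WASM_MAGIC
    except OSError:
        return False


def audit_extensions(root):
    """Return one record per extension under root, with any bundled WASM files."""
    records, root = [], Path(root)
    if not root.is_dir():
        return records
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        try:
            meta = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # no manifest, or manifest is not valid JSON
        if not isinstance(meta, dict):
            continue
        wasm = sorted(
            str((Path(d) / f).relative_to(ext_dir))
            for d, _dirs, files in os.walk(ext_dir)
            for f in files if is_wasm(Path(d) / f))
        records.append({
            "id": f"{meta.get('publisher', '?')}.{meta.get('name', '?')}",
            "version": meta.get("version", "?"),
            "wasm_files": wasm,
        })
    return records


if __name__ == "__main__":
    for root in DEFAULT_ROOTS:
        for rec in audit_extensions(root):
            flag = "WASM" if rec["wasm_files"] else "    "
            print(flag, rec["id"], rec["version"], *rec["wasm_files"])
```

A hit is a prompt for review, not a verdict: legitimate extensions also ship WebAssembly, and a module embedded as an encoded string inside JavaScript will not match the magic-byte check.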
🎣 9 Million UK Inboxes Hit in Massive Boots Phishing Scam
In one of the largest consumer phishing operations uncovered in recent memory, attackers hijacked a vulnerable Windows terminal server and used it to blast nearly 9 million fraudulent emails impersonating the UK pharmacy and beauty chain Boots. The emails posed as customer satisfaction surveys offering a free gift — a classic lure designed to harvest personal and financial details. Investigators at Huntress caught the attack mid-flight after a client installed security monitoring software, and found six separate mailing lists with nearly 9 million combined targets already staged and ready to go.
The root cause was a Remote Desktop server left exposed to the public internet that had been hammered with over 206,000 login attempts from attackers before they finally broke in. This is a powerful reminder that a single misconfigured server can become a weapon against millions of people — and that anyone who received a "Boots gift survey" email recently should delete it immediately and not click any links.
Stay ahead of threats like these with GOCO Security at gocosecurity.com.