🚨 Malware Hiding in Code Editors & 8.9 Million Hit by Phishing Scam
Two major threats making headlines today — one targeting developers through their own tools, and one hitting nearly 9 million inboxes disguised as a free gift. Here's what you need to know.
🦠GlassWASM: Malware Hidden Inside Developer Code Editor Extensions
Researchers discovered a sophisticated piece of malware called GlassWASM lurking inside two fake extensions for Open VSX — the extension marketplace used by popular code editors like VSCodium and Gitpod. Attackers impersonated legitimate developers to publish the malicious extensions, which secretly installed a hidden program that calls home to a command-and-control server to receive further instructions.
What makes this especially sneaky: the malware uses WebAssembly (a low-level code format rarely flagged by antivirus tools) and even uses the Solana blockchain to secretly pass along server addresses — making it extremely hard to detect or block. If you or your team uses Open VSX-based editors, check immediately for the extensions ExarGD.vsblack or noellee-doc/flint-debug and remove them. Any machine that ran these extensions should be treated as potentially compromised.
This is a reminder that even developer tools aren't safe from supply chain attacks — always verify extensions before installing them.
🎣 8.9 Million People Targeted by Fake Boots Pharmacy Emails
Nearly 9 million people received a convincing-looking email claiming to be from Boots, the popular UK health and beauty retailer, offering a free beauty sample pack. It was a trap. Clicking through led victims to a fake checkout page (hosted on a hacked Bolivian government website, no less) and a survey designed to steal personal information.
The campaign was run by Romanian threat actors who hijacked legitimate servers to send mass emails and host their fake pages — making them harder to detect and block. If you or anyone you know received an unexpected "free gift" email from Boots recently, do not click any links and report it as phishing. This type of scam is designed to harvest names, addresses, payment details, and more.
When something sounds too good to be free, it usually is.
Stay ahead of threats like these with GOCO Security — your partner in proactive cybersecurity.
.jpg)
Comments
Post a Comment