The GlassWorm malware targets developers using Visual Studio Code extensions on the OpenVSX marketplace, spreading by hijacking trusted extensions and stealing credentials. It hides its malicious payload using invisible Unicode variation selectors and communicates through the Solana blockchain and Google Calendar.
