Security inquiry #508
-
|
GlassWorm, a scary malware propagating inside invisible code sections through vscode extensions, has been recently detected (the article on koi.ai is a good reference as to what it does, and how it’s being accomplished). I’m using elixir-lsp/vscode-elixir-ls on my development machine and would like to continue doing so. In case anyone of the developers is not yet aware of GlassWorm:
A python script exists to check for invisible unicode characters, you may find it useful (it was written by ChatGPT) Please verify that your extension is not infected. Regards, |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Thank's for letting me know. None of the malicious extensions are installed in my local env. ElixirLS extension uses automated build and publish to VSCode Marketplace and Open VSX by github actions. There were no releases since August, see https://github.com/elixir-lsp/vscode-elixir-ls/tags, https://open-vsx.org/extension/elixir-lsp/elixir-ls, https://marketplace.visualstudio.com/items?itemName=JakeBecker.elixir-ls. There were no unauthorised commits nor PRs since then. The code scan with your script reports no problems in the repo. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks Lukasz, this is good news! |
Beta Was this translation helpful? Give feedback.
Thank's for letting me know. None of the malicious extensions are installed in my local env. ElixirLS extension uses automated build and publish to VSCode Marketplace and Open VSX by github actions. There were no releases since August, see https://github.com/elixir-lsp/vscode-elixir-ls/tags, https://open-vsx.org/extension/elixir-lsp/elixir-ls, https://marketplace.visualstudio.com/items?itemName=JakeBecker.elixir-ls. There were no unauthorised commits nor PRs since then. The code scan with your script reports no problems in the repo.