GlassWorm Supply Chain Attack on Visual Studio Code Extensions
A sophisticated supply chain attack has targeted Visual Studio Code (VS Code) extensions, leveraging a self-propagating worm known as GlassWorm. Security researchers at Koi Security discovered the malware after identifying suspicious behavior in an extension called CodeJoy on the OpenVSX marketplace. The worm employs a novel technique using invisible Unicode characters, making the malicious code undetectable to the human eye within code editors. This approach allows the malware to evade traditional detection methods and remain stealthy within compromised extensions.

GlassWorm utilizes the Solana blockchain as its primary command-and-control (C2) channel, with Google Calendar serving as a backup C2 infrastructure, enhancing its resilience and making takedown efforts more challenging. The worm has already infected nearly 36,000 developer machines, indicating a significant impact on the developer ecosystem. Once installed, GlassWorm harvests credentials from NPM, GitHub, and Git, enabling it to propagate further by compromising additional packages and extensions. The malware also targets cryptocurrency wallets, seeking to steal digital assets from affected users. Infected systems are converted into SOCKS proxy servers, effectively turning developer machines into part of the attacker's extended C2 infrastructure. Additionally, GlassWorm installs hidden virtual network computing (VNC) servers, granting attackers full remote access to compromised machines.

The attack highlights the growing risks associated with open-source marketplaces and the potential for widespread compromise through popular development tools. Security experts emphasize the importance of scrutinizing extension code and implementing stronger guardrails in extension marketplaces to prevent similar attacks. The use of invisible Unicode and blockchain-based C2 channels represents a significant evolution in malware stealth and persistence.
The incident underscores the need for developers and organizations to monitor for unusual extension behavior and to regularly audit installed extensions for signs of compromise. The attack also demonstrates the potential for supply chain threats to rapidly scale, given the interconnected nature of developer tools and platforms. As the investigation continues, security vendors and marketplace operators are working to identify and remove malicious extensions and to strengthen defenses against future supply chain attacks.
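A defender-side check for the invisible-Unicode hiding technique described above, added here as an example and not code from the article, from Koi Security or from any extension; the code point ranges treated as "invisible", the run threshold and the sample input are my assumptions:

```javascript
// Added example, not code from the article or any extension: scans extension
// source text for invisible Unicode code points and flags long runs of them.
// Assumption: "invisible" covers zero-width/bidi format characters, variation
// selectors and the Unicode TAG block; the run threshold is a tuning choice.
const INVISIBLE_RANGES = [
  [0x200b, 0x200f],   // zero-width space/non-joiner/joiner, LRM, RLM
  [0x202a, 0x202e],   // bidi embedding and override controls
  [0x2060, 0x2064],   // word joiner and invisible operators
  [0x2066, 0x2069],   // bidi isolates
  [0xfe00, 0xfe0f],   // variation selectors 1-16
  [0xfeff, 0xfeff],   // zero-width no-break space (BOM)
  [0xe0000, 0xe007f], // TAG characters
  [0xe0100, 0xe01ef], // variation selectors supplement
];

function isInvisible(cp) {
  return INVISIBLE_RANGES.some(([lo, hi]) => cp >= lo && cp <= hi);
}

// One finding per line that contains invisible code points. A long contiguous
// run is the signal: ordinary source has at most a BOM or a stray zero-width
// space, while a hidden payload is hundreds of such characters in a row.
function scanSource(text, minRun = 8) {
  const findings = [];
  text.split(/\r?\n/).forEach((lineText, idx) => {
    let count = 0, run = 0, longestRun = 0;
    const seen = new Set();
    for (const ch of lineText) {             // string iteration is by code point
      const cp = ch.codePointAt(0);
      if (!isInvisible(cp)) { run = 0; continue; }
      count += 1; run += 1;
      longestRun = Math.max(longestRun, run);
      seen.add("U+" + cp.toString(16).toUpperCase().padStart(4, "0"));
    }
    if (count > 0) {
      findings.push({ line: idx + 1, count, longestRun,
                      suspicious: longestRun >= minRun, codePoints: [...seen] });
    }
  });
  return findings;
}

// Constructed sample: a normal line, then a line whose trailing "whitespace"
// is 300 variation-selector code points standing in for a hidden payload.
const SAMPLE = "const x = 1;\nmodule.exports = x; " +
  String.fromCodePoint(...Array.from({ length: 300 }, (_, i) => 0xe0100 + (i % 0xf0)));

console.log(JSON.stringify(scanSource(SAMPLE)));
```

Run it over every `.js` file in an extension's install directory; a finding with `suspicious: true` on a line that looks empty in the editor is the case worth pulling the extension for review.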
Timeline
Apr 10, 2026
GlassWorm evolves with Zig dropper and cross-IDE propagation
Researchers reported a new GlassWorm variant delivered via the malicious Open VSX extension 'specstudio.code-wakatime-activity-tracker,' which impersonated WakaTime and used a Zig-compiled binary to escape the JavaScript sandbox and spread to multiple VS Code-compatible IDEs. The campaign deployed a second-stage extension, 'floktokbok.autoimport,' used Solana-based C2, avoided Russian systems, exfiltrated data, installed a RAT, and ultimately dropped a malicious Chrome info-stealing extension; the Open VSX package was later removed.
Mar 16, 2026
Nine GlassWorm extensions remained live on VS Marketplace
Breakglass Intelligence reported that nine malicious GlassWorm-infected Visual Studio Code extensions were still available on the Microsoft Visual Studio Marketplace as of 2026-03-16, indicating the campaign remained exposed to developers months after its initial discovery. The report also detailed a Rust-based second stage using in-memory PE execution and published IOCs plus YARA and Suricata detections.
Oct 23, 2025
Scope of GlassWorm campaign tied to infected marketplace extensions
Analysis revealed that 13 extensions on Open VSX and one on the Microsoft Extension Marketplace were infected, with roughly 35,800 total downloads. Reports also described the malware's objectives as credential theft, cryptocurrency wallet draining, proxy deployment, persistence, and further propagation via stolen credentials.
Oct 20, 2025
Researchers uncover GlassWorm supply-chain worm in VS Code extensions
Security researchers, including Koi Security, identified and disclosed a self-propagating malware campaign dubbed GlassWorm targeting developer extension marketplaces. The worm was found to hide code with invisible Unicode characters and to use Solana blockchain infrastructure, with Google Calendar as fallback command-and-control.
Oct 17, 2025
First GlassWorm infections observed in VS Code extension ecosystems
The earliest known GlassWorm infections were observed affecting Visual Studio Code extensions distributed through Open VSX and later the Microsoft Extension Marketplace. The campaign used compromised developer accounts and extension auto-updates to begin spreading through trusted packages.
Sources
5 more from sources like cso online, risky biz rss, security online info, dark reading and blueteamsec
Related Stories

GlassWorm Supply Chain Attack via Malicious VS Code and Open VSX Extensions
The GlassWorm malware campaign has resurfaced with a third wave of attacks, distributing 24 malicious extensions across the Microsoft Visual Studio Marketplace and Open VSX repositories. These extensions impersonate popular developer tools and frameworks such as Flutter, React, Tailwind, Vim, and Vue, aiming to compromise developer environments. Once installed, the malware attempts to steal credentials for GitHub, npm, and OpenVSX accounts, as well as cryptocurrency wallet data, and can turn infected machines into attacker-controlled nodes for further criminal activity. The attackers have also been observed artificially inflating download counts to increase the visibility and perceived trustworthiness of their malicious extensions. GlassWorm employs advanced evasion techniques, including the use of invisible Unicode characters to hide malicious code and the deployment of a SOCKS proxy and HVNC client for stealthy remote access. Despite previous efforts by Microsoft and Open VSX to remove infected packages and rotate compromised access tokens, the threat actors have continued to return with new publisher accounts and updated extensions. The campaign highlights the ongoing risks in the software supply chain, particularly for developers relying on third-party extensions from public repositories.
4 days ago
GlassWorm Malware Campaign Targets macOS via Malicious VS Code Extensions
A new wave of the GlassWorm malware campaign is actively targeting macOS users by distributing trojanized Visual Studio Code (VS Code) extensions through the OpenVSX marketplace. This fourth iteration marks a significant shift from previous campaigns, which primarily targeted Windows systems, and now leverages AES-256-CBC–encrypted JavaScript payloads embedded in extensions such as `studio-velte-distributor.pro-svelte-extension`, `cudra-production.vsce-prettier-pro`, and `Puccin-development.full-access-catppuccin-pro-extension`. The malware is designed to steal credentials for platforms like GitHub, npm, and OpenVSX, as well as cryptocurrency wallet data, and it supports remote access via VNC and SOCKS proxy routing. Notably, the latest campaign employs AppleScript for execution on macOS and introduces a 15-minute delay before activating its malicious logic, a tactic intended to evade detection by automated sandbox analysis. Researchers from Koi Security identified that the threat actor behind GlassWorm has adapted its techniques over four distinct waves since October, evolving from using invisible Unicode characters and compiled Rust binaries to the current encrypted JavaScript approach. The malware's command and control infrastructure is now based on the Solana blockchain, utilizing transaction memos with base64-encoded URLs to maintain decentralized and resilient control, making takedown efforts extremely challenging. Over 50,000 downloads of the malicious extensions have been recorded, and the campaign's infrastructure has been linked to previous waves through shared IP addresses and encryption keys. The sophistication and persistence of GlassWorm highlight the growing threat to macOS developers and users who rely on third-party extension marketplaces for their development environments.
1 month ago
Open VSX Registry Supply-Chain Attack Spreads GlassWorm via Compromised VSCode Extensions
A supply-chain compromise of the **Open VSX Registry** led to malicious updates being pushed to legitimate Visual Studio Code extensions after attackers gained access to a developer’s publishing credentials (likely via a leaked token or other unauthorized access). Reporting indicates four established extensions from the `oorzc` publisher were trojanized and distributed via Open VSX before being removed, with prior legitimate adoption measured in the tens of thousands of downloads and subsequent exposure affecting downstream developer environments. The injected payload delivered the **GlassWorm** malware/loader, which executes via obfuscated JavaScript embedded in the extension and includes environment checks (notably avoiding execution on **Russian-locale** systems). Technical details describe a multi-stage loader with capabilities aligned to credential and data theft, including macOS credential and cryptocurrency wallet targeting, and use of techniques such as **EtherHiding** to retrieve command-and-control infrastructure dynamically; defenders are advised to identify and remove affected extension versions and review developer endpoints for signs of compromise and credential/token leakage.
1 month ago