Open VSX Token Exposure and GlassWorm Supply Chain Attack
The Eclipse Foundation revoked a small number of leaked access tokens for the Open VSX extension marketplace after a report from Wiz revealed that several Visual Studio Code extensions had inadvertently exposed their tokens in public repositories. This exposure could have allowed attackers to take control of extensions and distribute malware, posing a significant supply chain risk. The foundation confirmed that the leaks were due to developer mistakes, not a compromise of Open VSX infrastructure, and has since implemented new security measures, including a token prefix format and reduced token lifetimes. Additionally, extensions flagged as part of the "GlassWorm" campaign by Koi Security were removed, and the foundation clarified that the reported download numbers were likely inflated by bots and threat actor tactics.
The GlassWorm campaign involved the use of hidden malicious code injected with invisible Unicode Private Use Area (PUA) characters, a technique previously observed in npm packages and now seen in compromised Open VSX extensions. Security researchers noted that the same threat actor has shifted focus to GitHub repositories, using increasingly stealthy methods to inject malware into legitimate-looking commits. The campaign highlights the evolving tactics of supply chain attackers and the importance of proactive security measures in open-source ecosystems.
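A review or CI check for the hiding technique described above, as an added example that is not code from any of the cited reports: it flags runs of characters that editors normally render as nothing. Covering variation selectors and format characters in addition to the Private Use Area goes beyond what this page states and is an assumption, as are the `min_run` threshold and the constructed sample.

```python
import sys
import unicodedata

# Variation selectors are invisible but fall outside category Co; covering
# them is an assumption added here, not something the page states.
VARIATION_SELECTORS = ((0xFE00, 0xFE0F), (0xE0100, 0xE01EF))


def classify(ch):
    """Return a label if ch is normally rendered as nothing, else None."""
    category = unicodedata.category(ch)
    if category == "Co":
        return "private-use"
    if any(lo <= ord(ch) <= hi for lo, hi in VARIATION_SELECTORS):
        return "variation-selector"
    if category == "Cf":
        return "format"
    return None


def scan(text, min_run=4):
    """Return (line, column, label, length) for each run of hidden characters.

    min_run skips the single selectors and joiners that emoji legitimately use.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        col = 0
        while col < len(line):
            label = classify(line[col])
            end = col
            while end < len(line) and classify(line[end]) is not None:
                end += 1
            if label is not None and end - col >= min_run:
                findings.append((line_no, col + 1, label, end - col))
            col = max(end, col + 1)
    return findings


# Constructed sample: line 1 holds a benign emoji selector, line 2 a hidden run.
SAMPLE = 'const ok = "\u2764\ufe0f";\nrun(decode("' + "\ue000" * 12 + '"));\n'

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for hit in scan(fh.read()):
                print(path, *hit)
    if len(sys.argv) == 1:
        print(scan(SAMPLE))
```

Run it over extension bundles or changed files in a commit; any hit is a location to inspect in a hex view, since the diff itself will look empty at that column.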

How this story unfolded
8 events from the most recent confirmed update back to the earliest known activity.
Law enforcement receives data tied to GlassWorm infrastructure
Researchers provided law enforcement with additional information related to cryptocurrency exchanges and messaging platforms allegedly involved in the GlassWorm operation. This marked an escalation from technical reporting to active information-sharing for possible enforcement action.
Threat actor linked to Russian-speaking operators and RedExt framework
Technical analysis published on November 10, 2025, attributed the GlassWorm activity to a likely Russian-speaking threat actor. Researchers said the operation used the open-source RedExt browser-extension command-and-control framework and blockchain-based infrastructure to update C2 details.
Researchers report GlassWorm resurgence and wider victim impact
By November 10, 2025, multiple reports said the renewed campaign had affected at least 60 organizations worldwide, including a major Middle Eastern government entity. Researchers also described the malware as using stolen GitHub, Git, and npm credentials to spread into repositories and maintain persistence.
Three new Open VSX extensions are compromised by GlassWorm
On November 6, 2025, researchers found three additional malicious VS Code extensions on Open VSX, showing that the campaign had resurfaced despite earlier token revocations. These extensions added about 10,000 more downloads to the operation and reused the same invisible-Unicode obfuscation technique.
Researchers find GlassWorm has shifted to GitHub JavaScript projects
Aikido researchers reported a new wave of attacks on GitHub JavaScript repositories using hidden Unicode Private Use Area characters to conceal malicious code. The campaign, tied to the same actor behind the npm and Open VSX incidents, used stolen credentials and Solana-hosted payload delivery, raising concerns about worm-like propagation.
Eclipse Foundation revokes and rotates compromised Open VSX tokens
Following the discovery of leaked tokens, the Eclipse Foundation/Open VSX team removed malicious extensions and revoked or rotated compromised access tokens to contain the attack. The registry also began planning additional protections such as shorter token lifetimes, faster revocation, and automated extension scanning.
Wiz discovers hundreds of leaked marketplace and Open VSX secrets
Wiz researchers identified more than 550 exposed secrets across the Microsoft VS Code and Open VSX extension ecosystems, including tokens that could be abused to publish malicious extensions. This discovery linked leaked developer credentials to the ongoing GlassWorm supply-chain activity.
GlassWorm campaign compromises Open VSX extensions in mid-October
By mid-October 2025, the broader GlassWorm supply-chain campaign had already compromised about a dozen VS Code/Open VSX extensions, generating roughly 35,000 downloads. The malware used invisible Unicode characters to hide JavaScript payloads that stole developer credentials and cryptocurrency-related data.
Sources
How GlassWorm wormed its way back into developers’ code — and what it says about open source security (csoonline.com)
GlassWorm malware has resurfaced on the Open VSX registry (securityaffairs.com)
GlassWorm Worm Resurfaces: Invisible Unicode Malware Re-Infects VS Code Extensions, Spreads to GitHub (securityonline.info)
GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs (thehackernews.com)
Open VSX tokens revoked after GlassWorm campaign (scworld.com)
Open VSX rotates access tokens used in supply-chain malware attack (bleepingcomputer.com)
The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties (aikido.dev)
Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery (thehackernews.com)