GlassWorm Supply Chain Attack via Malicious VS Code and Open VSX Extensions
The GlassWorm malware campaign has resurfaced with a third wave of attacks, distributing 24 malicious extensions across the Microsoft Visual Studio Marketplace and Open VSX repositories. These extensions impersonate popular developer tools and frameworks such as Flutter, React, Tailwind, Vim, and Vue, aiming to compromise developer environments. Once installed, the malware attempts to steal credentials for GitHub, npm, and Open VSX accounts, as well as cryptocurrency wallet data, and can turn infected machines into attacker-controlled nodes for further criminal activity. The attackers have also been observed artificially inflating download counts to increase the visibility and perceived trustworthiness of their malicious extensions.
GlassWorm employs advanced evasion techniques, including the use of invisible Unicode characters to hide malicious code and the deployment of a SOCKS proxy and HVNC client for stealthy remote access. Despite previous efforts by Microsoft and Open VSX to remove infected packages and rotate compromised access tokens, the threat actors have continued to return with new publisher accounts and updated extensions. The campaign highlights the ongoing risks in the software supply chain, particularly for developers relying on third-party extensions from public repositories.
How this story unfolded
8 events from the most recent confirmed update back to the earliest known activity.
Open VSX removes confirmed malicious and suspected sleeper GlassWorm extensions
By 2026-04-27, Open VSX had removed both the confirmed malicious GlassWorm extensions and the suspected sleeper extensions identified by Socket. The takedown followed reporting on a cluster of 73 impersonation extensions, six of which had been activated to deliver malware.
Socket identifies 73 GlassWorm sleeper extensions on Open VSX
Socket reported a new GlassWorm cluster of 73 impersonation extensions on Open VSX, many apparently published benignly and later weaponized through updates. The firm said at least six had already been activated to deliver malware via methods including dependency abuse, GitHub-hosted VSIX retrieval, obfuscated JavaScript loaders, and bundled native binaries, and it published related IOCs.
Researchers detail Zig-based GlassWorm dropper targeting multiple developer tools
Aikido reported that GlassWorm used a malicious Open VSX extension impersonating WakaTime that contained a Zig-compiled binary dropper. The malware scanned for IDEs including VS Code, Cursor, and VSCodium, installed second-stage malicious extensions across the detected environments, and could also deploy a malicious Chrome extension, using Solana-based C2.
Open VSX and Microsoft are notified about the renewed GlassWorm campaign
After the latest wave was identified, both Open VSX and Microsoft were informed of the ongoing malicious extension activity affecting their marketplaces. The notification followed the discovery of the new publisher accounts and packages used in the campaign.
Researchers identify a third wave with 24 malicious extensions
Secure Annex researcher John Tuckner discovered a new wave of the GlassWorm campaign involving 24 malicious extensions impersonating popular developer tools and frameworks across Open VSX and the Visual Studio Marketplace. The attackers also inflated download counts to make the packages appear more legitimate and increase their visibility.
GlassWorm evolves with Rust implants and new C2 techniques
In its latest evolution, GlassWorm adopted Rust-based implants for Windows and macOS and used Solana wallet addresses or Google Calendar events to retrieve command-and-control information. The malware also continued to use stealth techniques such as invisible Unicode obfuscation and capabilities including SOCKS proxy and HVNC deployment.
Open VSX performs cleanup and rotates access tokens after earlier GlassWorm activity
Following earlier waves of the campaign, Open VSX removed malicious packages and rotated access tokens in an effort to contain the compromise. These remediation steps did not stop the attackers from returning with new publisher accounts.
GlassWorm launches initial malicious VS Code extension campaign
The GlassWorm supply chain campaign began targeting developers through malicious extensions published to the Open VSX and Microsoft Visual Studio marketplaces. The malware focused on stealing credentials and compromising additional packages to spread further.
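The invisible Unicode obfuscation mentioned above (and in the summary at the top of the page) hides code in characters that an editor renders as nothing. The following scanner is an added example written for this page, not code from any of the cited researchers or vendors: it walks an installed extension directory and reports runs of invisible code points in source files. The set of flagged code points (the Unicode Cf category, variation selectors, and a few filler characters) is an assumption, not a list taken from the campaign.

```python
import unicodedata
from pathlib import Path

# Code points that render as nothing but are legal inside JavaScript source.
# Assumed list: Unicode "Cf" (format) characters such as zero-width space/joiner,
# variation selectors (U+FE00-FE0F, U+E0100-E01EF), and Hangul/halfwidth fillers.
EXTRA_INVISIBLE = {0x3164, 0xFFA0, 0x115F, 0x1160}


def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    if ch in "\t\n\r":          # ordinary whitespace is never a finding
        return False
    if unicodedata.category(ch) == "Cf":
        return True
    if 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF:
        return True
    return cp in EXTRA_INVISIBLE


def scan_text(text: str):
    """Return (line, column, first code point, run length) for each run of
    consecutive invisible characters. A single BOM at file start is skipped."""
    if text.startswith("\ufeff"):
        text = text[1:]
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        col = 0
        while col < len(line):
            if not is_invisible(line[col]):
                col += 1
                continue
            start = col
            while col < len(line) and is_invisible(line[col]):
                col += 1
            findings.append((lineno, start + 1, f"U+{ord(line[start]):04X}", col - start))
    return findings


def scan_extension_dir(root, suffixes=(".js", ".mjs", ".ts", ".json")):
    """Map each source file under an extension directory to its findings."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                results[str(path)] = hits
    return results


# Constructed sample: line 2 carries five zero-width characters hidden inside an identifier.
SAMPLE = "const a = 1;\nconst b\u200b\u200c\u200d\u2060\u200b = 'x';\nexport default a;\n"

if __name__ == "__main__":
    for hit in scan_text(SAMPLE):
        print(hit)
```

Run `scan_extension_dir` against a VS Code extensions folder (for example `~/.vscode/extensions`) to triage installed packages; any run of invisible characters inside code, rather than inside a localized string, deserves a manual look.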
Sources
A new challenge for software product managers | InfoWorld
infoworld.com
GlassWorm attackers activate new ‘sleeper’ extensions on Open VSX | news | SC Media
scworld.com
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
darkreading.com
More fake extensions linked to GlassWorm found in Open VSX code marketplace | InfoWorld
infoworld.com
73 Open VSX Sleeper Extensions Linked to GlassWorm Activate New Malware Campaign
cybersecuritynews.com
73 Open VSX Sleeper Extensions Linked to GlassWorm Show New ...
socket.dev
GlassWorm evolves with Zig dropper to infect multiple developer tools
securityaffairs.com
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
thehackernews.com
Glassworm malware returns in third wave of malicious VS Code packages
bleepingcomputer.com