GlassWorm Supply-Chain Campaign Abuses Open VSX Extension Dependencies
GlassWorm has expanded its software supply-chain campaign in the Open VSX ecosystem by publishing dozens of seemingly benign extensions that later pull in malicious components through the `extensionPack` and `extensionDependencies` manifest fields. Socket reported 73 malicious Open VSX extensions linked to the operation, while another report cited 72 newly identified packages; both figures describe the same campaign and detection set. The technique lets the attackers build trust with an initial extension that looks standalone and then, in a later update, silently install a hidden GlassWorm loader as a transitive dependency, so a one-time review of the original package misses it. The malicious listings impersonate common developer tools, including formatters, linters, language-support packages, and AI coding assistants, to maximize installation volume.
The campaign preserves earlier GlassWorm tradecraft while improving evasion and resilience. Reported behaviors include staged JavaScript execution, geofencing on Russian locale and timezone settings, use of Solana transaction memos as dead drops, and in-memory execution of follow-on code. Socket also observed infrastructure and loader changes: reuse of 45[.]32[.]150[.]251, the addition of 45[.]32[.]151[.]157 and 70[.]34[.]242[.]255, migration to a new Solana wallet, and a shift from a static AES-wrapped loader to heavier RC4/base64/string-array obfuscation, with the decryption material moved into HTTP response headers such as `ivbase64` and `secretkey`. This is a substantive threat-intelligence and vulnerability-exposure story because it documents an active malicious campaign, specific delivery mechanisms, and concrete infrastructure tied to developer-targeted compromise.
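The dependency trick described above defeats reviews that look at a single version in isolation. The following is an added example, not Socket's or Open VSX's code, of the check a reviewer can run on each update: diff the `extensionPack` and `extensionDependencies` fields of the previously reviewed manifest against the new one, and hold any update that introduces a transitive dependency whose publisher is not on an explicit allowlist. The two manifests and the publisher names are constructed for the example; the function and field handling are assumptions, not a marketplace API.

```javascript
// Added example (not Socket's or Open VSX's code): review an extension update
// by diffing the transitive-dependency fields of two manifest versions.
// Both manifests below are constructed for the example.

const TRANSITIVE_FIELDS = ["extensionPack", "extensionDependencies"];

// Collect every "publisher.name" id an extension pulls in, lower-cased
// (extension ids are matched case-insensitively by the marketplaces).
function transitiveIds(manifest) {
  const ids = new Set();
  for (const field of TRANSITIVE_FIELDS) {
    for (const id of manifest[field] || []) ids.add(String(id).toLowerCase());
  }
  return ids;
}

// Compare a previously reviewed manifest with the update. Every dependency
// that was not there before needs a fresh review; ones whose publisher is
// not on the reviewer's allowlist are called out separately. The extension's
// own publisher is deliberately NOT trusted by default, because a malicious
// publisher account can host both the decoy and the loader it pulls in.
function diffManifests(prev, next, allowedPublishers = []) {
  const before = transitiveIds(prev);
  const after = transitiveIds(next);
  const allowed = new Set(allowedPublishers.map((p) => p.toLowerCase()));
  const added = [...after].filter((id) => !before.has(id));
  const removed = [...before].filter((id) => !after.has(id));
  const needsReview = added.filter((id) => !allowed.has(id.split(".")[0]));
  return {
    from: prev.version,
    to: next.version,
    added,
    removed,
    needsReview,
    verdict: needsReview.length ? "hold: new transitive dependency" : "ok",
  };
}

// Constructed sample: version 1.0.0 was a self-contained formatter; the
// 1.0.1 update quietly adds two dependencies via the manifest fields.
const SAMPLE_PREV = {
  name: "tidy-format", publisher: "example-pub", version: "1.0.0",
  engines: { vscode: "^1.80.0" },
};
const SAMPLE_NEXT = {
  name: "tidy-format", publisher: "example-pub", version: "1.0.1",
  engines: { vscode: "^1.80.0" },
  extensionPack: ["other-pub.helper-runtime"],
  extensionDependencies: ["example-pub.tidy-format-core"],
};

const report = diffManifests(SAMPLE_PREV, SAMPLE_NEXT, ["ms-python"]);
console.log(JSON.stringify(report, null, 2));
```

The allowlist is intentionally small and explicit: an empty list means every newly added dependency is held for review, which is the right default for an organization that vets extensions before rollout. Because both fields are plain arrays in `package.json`, the same diff can be run from a pre-commit hook in an internal extension mirror or from a script that pulls the manifest of each new version before it is approved.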
Related Stories
GlassWorm Supply Chain Attack via Malicious VS Code and Open VSX Extensions
The GlassWorm malware campaign has resurfaced with a third wave of attacks, distributing 24 malicious extensions across the Microsoft Visual Studio Marketplace and Open VSX repositories. These extensions impersonate popular developer tools and frameworks such as Flutter, React, Tailwind, Vim, and Vue, aiming to compromise developer environments. Once installed, the malware attempts to steal credentials for GitHub, npm, and OpenVSX accounts, as well as cryptocurrency wallet data, and can turn infected machines into attacker-controlled nodes for further criminal activity. The attackers have also been observed artificially inflating download counts to increase the visibility and perceived trustworthiness of their malicious extensions. GlassWorm employs advanced evasion techniques, including the use of invisible Unicode characters to hide malicious code and the deployment of a SOCKS proxy and HVNC client for stealthy remote access. Despite previous efforts by Microsoft and Open VSX to remove infected packages and rotate compromised access tokens, the threat actors have continued to return with new publisher accounts and updated extensions. The campaign highlights the ongoing risks in the software supply chain, particularly for developers relying on third-party extensions from public repositories.
3 months ago
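The invisible-Unicode hiding mentioned in the story above is something a reviewer can catch statically, since legitimate extension source has almost no reason to contain zero-width or tag characters. The scanner below is an added example, not code from Socket, Microsoft, Open VSX, or the GlassWorm samples; it goes beyond the single technique named in the text by covering several families of characters that render as nothing (zero-width joiners and spaces, bidi controls, variation selectors, and Unicode tag characters). The source snippet it scans is constructed, and the character ranges are the author's own selection, not a reproduction of what the campaign used.

```javascript
// Added example (not from the page or the vendors it cites): locate code
// points that render as nothing inside JavaScript source. The ranges below
// are a reviewer's choice; adjust them to your own false-positive tolerance.
const INVISIBLE_RANGES = [
  [0x200b, 0x200f], // zero-width space / non-joiner / joiner, LRM, RLM
  [0x202a, 0x202e], // bidi embedding and override controls
  [0x2060, 0x2064], // word joiner and invisible operators
  [0x2066, 0x2069], // bidi isolate controls
  [0xfe00, 0xfe0f], // variation selectors
  [0xfeff, 0xfeff], // zero-width no-break space (BOM when at offset 0)
  [0xe0000, 0xe007f], // Unicode tag characters
  [0xe0100, 0xe01ef], // variation selectors supplement
];

function isInvisible(cp) {
  return INVISIBLE_RANGES.some(([lo, hi]) => cp >= lo && cp <= hi);
}

// Walk the source by code point (string iteration joins surrogate pairs) and
// report each invisible character with its 1-based line and column. A BOM as
// the very first character is a normal file encoding marker and is ignored.
function findInvisibleChars(source) {
  const hits = [];
  let line = 1;
  let col = 1;
  for (const ch of source) {
    const cp = ch.codePointAt(0);
    if (cp === 0x0a) { line += 1; col = 1; continue; }
    const leadingBom = cp === 0xfeff && line === 1 && col === 1;
    if (isInvisible(cp) && !leadingBom) {
      hits.push({ line, col, codePoint: "U+" + cp.toString(16).toUpperCase().padStart(4, "0") });
    }
    col += 1;
  }
  return hits;
}

// Collapse adjacent hits on one line into runs. A single stray zero-width
// space is often copy-paste noise; a long run on one line is the shape of
// an encoded payload hidden in what the editor shows as a blank line.
function summarizeRuns(hits) {
  const runs = [];
  for (const h of hits) {
    const last = runs[runs.length - 1];
    if (last && last.line === h.line && last.col + last.count === h.col) {
      last.count += 1;
      last.codePoints.push(h.codePoint);
    } else {
      runs.push({ line: h.line, col: h.col, count: 1, codePoints: [h.codePoint] });
    }
  }
  return runs;
}

// Constructed sample: a zero-width space after a statement on line 2 and a
// run of three tag characters on line 3, which displays as an empty line.
const SAMPLE_SOURCE =
  "function activate() {\n" +
  '  const cfg = "ok";' + "\u200B\n" +
  "  " + String.fromCodePoint(0xe0061, 0xe0062, 0xe0063) + "\n" +
  "}\n";

for (const run of summarizeRuns(findInvisibleChars(SAMPLE_SOURCE))) {
  console.log(`line ${run.line} col ${run.col}: ${run.count} invisible char(s) ${run.codePoints.join(" ")}`);
}
```

Run this over every `.js` file in an extension's `.vsix` before approving it, and treat any run longer than a handful of characters as a blocking finding rather than a warning; the editor view cannot be relied on to reveal these characters, which is precisely why the technique works.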
Open VSX Registry Supply-Chain Attack Spreads GlassWorm via Compromised VSCode Extensions
A supply-chain compromise of the **Open VSX Registry** led to malicious updates being pushed to legitimate Visual Studio Code extensions after attackers gained access to a developer’s publishing credentials (likely via a leaked token or other unauthorized access). Reporting indicates four established extensions from the `oorzc` publisher were trojanized and distributed via Open VSX before being removed, with prior legitimate adoption measured in the tens of thousands of downloads and subsequent exposure affecting downstream developer environments. The injected payload delivered the **GlassWorm** malware/loader, which executes via obfuscated JavaScript embedded in the extension and includes environment checks (notably avoiding execution on **Russian-locale** systems). Technical details describe a multi-stage loader with capabilities aligned to credential and data theft, including macOS credential and cryptocurrency wallet targeting, and use of techniques such as **EtherHiding** to retrieve command-and-control infrastructure dynamically; defenders are advised to identify and remove affected extension versions and review developer endpoints for signs of compromise and credential/token leakage.
1 month ago
GlassWorm Supply Chain Attacks Through Compromised Developer and Package Publisher Accounts
**GlassWorm** is driving active software supply chain compromises by abusing stolen credentials to insert malware into widely used open-source code and package ecosystems. One campaign, dubbed **ForceMemo**, used GitHub tokens stolen from developer machines via malicious VS Code and Cursor extensions to force-push obfuscated payloads into hundreds of Python repositories, including Django apps, ML projects, Streamlit dashboards, and PyPI-linked codebases. The injected code was appended to files such as `setup.py`, `main.py`, and `app.py`, preserved original commit metadata to reduce suspicion, skipped execution on systems using a Russian locale, and retrieved follow-on payload locations through the memo field of a Solana wallet previously associated with GlassWorm. A separate but related supply chain intrusion hit npm on March 16, when two React Native packages from the same publisher — `react-native-country-select@0.3.91` and `react-native-international-phone-number@0.11.8` — were backdoored with identical `preinstall` malware. Installing either package triggered a multi-stage Windows-focused credential and cryptocurrency stealer capable of persistence and additional payload delivery, exposing developers, CI runners, and build agents to compromise through routine dependency installation. A third report on malicious npm packages posing as a Roblox *Solara* executor describes a different campaign, **Cipher stealer**, targeting Discord, browsers, and crypto wallets, and does not appear tied to GlassWorm or the compromised React Native packages.
Today
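The npm intrusion above turned routine dependency installation into code execution through a `preinstall` hook, which is why install-time lifecycle scripts deserve an audit of their own. The following is an added example, not code from the reporting vendors or from npm; it lists which packages in a dependency set declare `preinstall`, `install`, `postinstall` or `prepare` scripts, attaches a plain-language reason for why each command merits a look, and separately reads the `hasInstallScript` flag that `package-lock.json` (lockfileVersion 2 and 3) records for such packages. Package names, versions, and script commands below are constructed and do not reproduce the real backdoored packages.

```javascript
// Added example (not npm's or any vendor's code): audit install-time
// lifecycle scripts in a set of package manifests and in a lockfile.
// All package data below is constructed for the example.

const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Heuristic reasons a reviewer would want to see next to a hook command.
// These are review prompts, not a verdict; native modules legitimately run
// "node-gyp rebuild" at install time, for instance.
function classifyCommand(command) {
  const reasons = [];
  if (/\b(curl|wget|Invoke-WebRequest|iwr)\b/i.test(command)) reasons.push("downloads at install time");
  if (/\bnode\s+-e\b|\beval\b/i.test(command)) reasons.push("evaluates inline code");
  if (/\bpowershell\b|\bcmd(\.exe)?\s+\/c\b/i.test(command)) reasons.push("spawns a shell");
  if (/\bnode\s+\S+\.js\b/.test(command)) reasons.push("runs a bundled script");
  return reasons;
}

// packages: array of parsed package.json objects (name, version, scripts).
function findInstallScripts(packages) {
  const findings = [];
  for (const pkg of packages) {
    const scripts = pkg.scripts || {};
    for (const hook of INSTALL_HOOKS) {
      if (typeof scripts[hook] === "string") {
        findings.push({
          name: pkg.name,
          version: pkg.version,
          hook,
          command: scripts[hook],
          reasons: classifyCommand(scripts[hook]),
        });
      }
    }
  }
  return findings;
}

// lock: parsed package-lock.json (lockfileVersion 2 or 3). Entries under
// "packages" carry hasInstallScript: true when a lifecycle script exists,
// which makes the lockfile a quick first pass before opening each manifest.
function lockPackagesWithInstallScripts(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, entry]) => path !== "" && entry.hasInstallScript === true)
    .map(([path]) => path);
}

// Constructed sample data.
const SAMPLE_PACKAGES = [
  { name: "tiny-util", version: "1.0.0", scripts: { test: "mocha" } },
  { name: "native-thing", version: "2.1.0", scripts: { install: "node-gyp rebuild" } },
  { name: "constructed-pkg-a", version: "0.0.1", scripts: { preinstall: "node lib/setup.js" } },
];
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/tiny-util": { version: "1.0.0" },
    "node_modules/constructed-pkg-a": { version: "0.0.1", hasInstallScript: true },
  },
};

for (const f of findInstallScripts(SAMPLE_PACKAGES)) {
  console.log(`${f.name}@${f.version} ${f.hook}: ${f.command} [${f.reasons.join("; ") || "no flag"}]`);
}
console.log("lockfile flags:", lockPackagesWithInstallScripts(SAMPLE_LOCK));
```

On CI runners and build agents the cheaper control is to install with `npm install --ignore-scripts` (or set `ignore-scripts=true` in `.npmrc`) and run the handful of packages that genuinely need a build step explicitly, so a newly added `preinstall` hook in a version bump cannot execute unnoticed.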