GlassWorm: A Self-Propagating Malware Targeting Visual Studio Code Extensions

In October 2025, cybersecurity researchers identified a sophisticated malware campaign named GlassWorm, which has been infiltrating Visual Studio Code (VS Code) extensions through both the Open VSX Registry and Microsoft’s Extension Marketplace. This attack underscores the increasing focus of cybercriminals on developers and their tools.

Discovery and Initial Impact

The GlassWorm campaign was first detected on October 17, 2025, when security firm Koi Security observed unusual behavior in certain VS Code extensions. Notably, an extension named CodeJoy exhibited network activities unrelated to its intended functions. Further investigation revealed that multiple extensions had been compromised, leading to approximately 35,800 installations of the infected software. The affected extensions include:

– codejoy.codejoy-vscode-extension (versions 1.8.3 and 1.8.4)
– l-igh-t.vscode-theme-seti-folder (version 1.2.3)
– kleinesfilmroellchen.serenity-dsl-syntaxhighlight (version 0.3.2)
– JScearcy.rust-doc-viewer (version 4.2.1)
– SIRILMP.dark-theme-sm (version 3.11.4)
– CodeInKlingon.git-worktree-menu (versions 1.0.9 and 1.0.91)
– ginfuru.better-nunjucks (version 0.3.2)
– ellacrity.recoil (version 0.7.4)
– grrrck.positron-plus-1-e (version 0.0.71)
– jeronimoekerdt.color-picker-universal (version 2.8.91)
– srcery-colors.srcery-colors (version 0.3.9)
– sissel.shopify-liquid (version 4.0.1)
– TretinV3.forts-api-extention (version 0.3.1)
– cline-ai-main.cline-ai-agent (version 3.1.3)

Stealth Techniques

GlassWorm employs advanced methods to conceal its malicious code. It uses invisible Unicode characters, specifically variation selectors, to embed the harmful code within the extensions. These characters render as nothing in an editor or diff view, so the embedded code is invisible to human reviewers and passes unnoticed through many static analysis tools. This technique allows the malware to evade detection and persist within the development environment.
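The hiding technique described above is detectable mechanically even though it is invisible to a reader. The following scanner is an added example written for this article; it is not code from the article, from Koi Security, or from any of the affected extensions. It reports runs of variation selectors in source text, covering both the Variation Selectors block (U+FE00 to U+FE0F) and the Variation Selectors Supplement (U+E0100 to U+E01EF), and the sample file it scans is constructed, not real GlassWorm code. The `minRun` threshold exists because a single selector legitimately follows many emoji, so a run of one is noise while a long run has no honest reason to be in a source file.

```javascript
// Added example (not code from the article or from Koi Security): a scanner
// for Unicode variation selectors, the invisible code points the article
// describes GlassWorm using to hide code inside extension source files.
// It checks both the Variation Selectors block (U+FE00-U+FE0F) and the
// Variation Selectors Supplement (U+E0100-U+E01EF).
'use strict';

function isVariationSelector(cp) {
  return (cp >= 0xfe00 && cp <= 0xfe0f) || (cp >= 0xe0100 && cp <= 0xe01ef);
}

// Returns one finding per run of consecutive variation selectors that is at
// least minRun code points long: 1-based line, 1-based column (in code
// points), run length, and the visible text on either side of the run.
// minRun > 1 skips the single selector that legitimately follows many emoji.
function scanForHiddenCodepoints(source, minRun = 8) {
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    const chars = Array.from(line); // iterate by code point, not UTF-16 unit
    let run = 0;
    let runStart = -1;
    const flush = (end) => {
      if (run >= minRun) {
        findings.push({
          line: idx + 1,
          column: runStart + 1,
          length: run,
          context: chars.slice(Math.max(0, runStart - 20), runStart).join('')
            + `<${run} hidden>` + chars.slice(end, end + 20).join(''),
        });
      }
      run = 0;
      runStart = -1;
    };
    chars.forEach((ch, i) => {
      if (isVariationSelector(ch.codePointAt(0))) {
        if (run === 0) runStart = i;
        run += 1;
      } else if (run > 0) {
        flush(i);
      }
    });
    if (run > 0) flush(chars.length);
  });
  return findings;
}

// Constructed sample source, not real GlassWorm code: one benign emoji with
// its variation selector (U+FE0F) and one suspicious 40-code-point run.
const SAMPLE_SOURCE = [
  '// constructed sample file',
  "const greeting = 'hi \u2764\uFE0F';",
  "const payload = '" + '\u{E0100}'.repeat(40) + "';",
  'module.exports = { greeting };',
].join('\n');

// Walk a directory tree (for example ~/.vscode/extensions) and scan the
// JavaScript, TypeScript and JSON files found in it.
function scanDirectory(root) {
  const fs = require('fs');
  const path = require('path');
  const results = [];
  const walk = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      if (entry.isDirectory()) {
        walk(full);
      } else if (/\.(m?js|ts|json)$/.test(entry.name)) {
        const findings = scanForHiddenCodepoints(fs.readFileSync(full, 'utf8'));
        if (findings.length) results.push({ file: full, findings });
      }
    }
  };
  walk(root);
  return results;
}

// Usage: node scan.js <directory>   (with no argument, scans the sample)
if (typeof require !== 'undefined' && require.main === module) {
  const report = process.argv[2]
    ? scanDirectory(process.argv[2])
    : scanForHiddenCodepoints(SAMPLE_SOURCE);
  console.log(JSON.stringify(report, null, 2));
}
```

The scanner finds the hiding technique, not the payload: a hit tells you that a file carries a long run of code points that render as nothing, which is reason enough to quarantine the extension and read the surrounding code. Other invisible code points (zero-width joiners, tag characters) can be added to `isVariationSelector` in the same way if a policy wants them flagged too.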

Command-and-Control Infrastructure

The malware’s command-and-control (C2) infrastructure is notably resilient. GlassWorm leverages the Solana blockchain to store Base64-encoded links to additional payloads. By embedding these links within blockchain transactions, the attackers ensure that their C2 infrastructure is decentralized and resistant to takedown efforts. If the primary C2 channel is disrupted, the malware can fall back on alternative methods, such as retrieving commands from Google Calendar events. This multi-layered approach complicates efforts to neutralize the threat.

Malware Capabilities and Propagation

Once installed, GlassWorm exhibits a range of malicious behaviors:

– Credential Theft: The malware searches for and exfiltrates credentials from various developer platforms, including npm, GitHub, and Open VSX.

– Cryptocurrency Theft: It targets cryptocurrency wallets by scanning for over 49 different wallet extensions, aiming to steal digital assets.

– System Compromise: GlassWorm installs SOCKS proxy servers and hidden VNC clients, transforming infected machines into nodes within a larger cybercriminal infrastructure. This setup allows attackers to remotely access and control compromised systems without detection.

– Self-Propagation: Utilizing the stolen credentials, the malware publishes infected versions of extensions to various repositories. This self-replicating behavior enables GlassWorm to spread rapidly across the developer ecosystem.

Secondary Payload: ZOMBI

A critical component of the GlassWorm attack is its secondary payload, dubbed ZOMBI. This heavily obfuscated JavaScript code further compromises infected systems by:

– Deploying SOCKS Proxies: These proxies allow attackers to route malicious traffic through the infected machines, effectively masking their activities.

– Establishing Peer-to-Peer Communication: Using WebRTC modules, ZOMBI sets up peer-to-peer connections, facilitating decentralized command distribution.

– Implementing Hidden VNC Servers: The malware installs hidden Virtual Network Computing (VNC) servers, granting attackers remote desktop access to the compromised systems.

Ongoing Threat and Recommendations

As of late October 2025, GlassWorm remains an active threat: several infected extensions continue to distribute the malware, and the C2 infrastructure remains operational. Developers are urged to:

– Audit Installed Extensions: Review all installed VS Code extensions for signs of compromise.

– Update Credentials: Change passwords and authentication tokens for developer platforms to prevent unauthorized access.

– Enhance Security Measures: Implement behavioral monitoring tools capable of detecting unusual activities, such as hidden Unicode characters and unexpected network communications.
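The first recommendation, auditing installed extensions, can be started from the affected list given earlier in this article. The script below is an added example, not code from the article or from Koi Security. It reads the `publisher`, `name` and `version` fields from each extension's `package.json` under a VS Code extensions directory (the default `~/.vscode/extensions` is assumed; pass another path as an argument for a different profile or remote host) and compares them against the listed extensions and versions. Extension IDs are compared case-insensitively, as VS Code treats them, and a different version of a listed extension is still reported so that a person can verify it rather than silently trusting it. The inventory used when no directory is given is constructed for the example.

```javascript
// Added example (not code from the article or from Koi Security): audit the
// extensions installed in a VS Code profile against the affected extensions
// and versions listed in the article.
'use strict';

// Affected extension IDs (publisher.name, lowercased) and versions, as
// listed in the article.
const AFFECTED_VERSIONS = {
  'codejoy.codejoy-vscode-extension': ['1.8.3', '1.8.4'],
  'l-igh-t.vscode-theme-seti-folder': ['1.2.3'],
  'kleinesfilmroellchen.serenity-dsl-syntaxhighlight': ['0.3.2'],
  'jscearcy.rust-doc-viewer': ['4.2.1'],
  'sirilmp.dark-theme-sm': ['3.11.4'],
  'codeinklingon.git-worktree-menu': ['1.0.9', '1.0.91'],
  'ginfuru.better-nunjucks': ['0.3.2'],
  'ellacrity.recoil': ['0.7.4'],
  'grrrck.positron-plus-1-e': ['0.0.71'],
  'jeronimoekerdt.color-picker-universal': ['2.8.91'],
  'srcery-colors.srcery-colors': ['0.3.9'],
  'sissel.shopify-liquid': ['4.0.1'],
  'tretinv3.forts-api-extention': ['0.3.1'],
  'cline-ai-main.cline-ai-agent': ['3.1.3'],
};

// installed: [{ publisher, name, version }] as read from each package.json.
// IDs are compared case-insensitively; versions must match exactly. A
// listed extension at an unlisted version is still reported for review.
function findAffected(installed) {
  const hits = [];
  for (const ext of installed) {
    const id = `${ext.publisher}.${ext.name}`.toLowerCase();
    const badVersions = AFFECTED_VERSIONS[id];
    if (!badVersions) continue;
    hits.push({
      id,
      version: ext.version,
      status: badVersions.includes(ext.version)
        ? 'known-affected version: remove and rotate credentials'
        : 'affected extension at a version not on the list: verify before trusting',
    });
  }
  return hits;
}

// Read publisher/name/version from every <extDir>/*/package.json.
function readInstalled(extDir) {
  const fs = require('fs');
  const path = require('path');
  const installed = [];
  for (const entry of fs.readdirSync(extDir, { withFileTypes: true })) {
    if (!entry.isDirectory()) continue;
    const manifest = path.join(extDir, entry.name, 'package.json');
    if (!fs.existsSync(manifest)) continue;
    try {
      const pkg = JSON.parse(fs.readFileSync(manifest, 'utf8'));
      if (pkg.publisher && pkg.name && pkg.version) {
        installed.push({ publisher: pkg.publisher, name: pkg.name,
          version: pkg.version, dir: entry.name });
      }
    } catch (e) {
      // An unreadable manifest is itself worth a look; report and continue.
      console.error(`unreadable manifest ${manifest}: ${e.message}`);
    }
  }
  return installed;
}

// Constructed sample inventory standing in for a real extensions directory.
const SAMPLE_INSTALLED = [
  { publisher: 'JScearcy', name: 'rust-doc-viewer', version: '4.2.1' },
  { publisher: 'codejoy', name: 'codejoy-vscode-extension', version: '1.8.2' },
  { publisher: 'example-publisher', name: 'harmless-theme', version: '1.0.0' },
];

// Usage: node audit.js [extensions-directory]   (default: the sample inventory)
if (typeof require !== 'undefined' && require.main === module) {
  const installed = process.argv[2] ? readInstalled(process.argv[2]) : SAMPLE_INSTALLED;
  const hits = findAffected(installed);
  console.log(hits.length ? JSON.stringify(hits, null, 2) : 'no listed extensions found');
}
```

A clean result from this check means only that none of the extensions named in the article is present; because the campaign republishes compromised extensions with stolen credentials, the list grows, so the table should be refreshed from current advisories, and the check should be paired with the credential rotation and behavioural monitoring the article recommends.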

The emergence of GlassWorm highlights the evolving nature of supply chain attacks and the need for heightened vigilance within the developer community. By exploiting trusted development tools and employing sophisticated evasion techniques, attackers can infiltrate systems and propagate malware with alarming efficiency.