

GlassWorm Malware Exploits Visual Studio Code and OpenVSX Extensions in Sophisticated Supply Chain Attack on Developer Ecosystems

  • Rescana
  • 49 minutes ago
  • 4 min read

Executive Summary

The resurgence of the GlassWorm malware campaign marks a critical escalation in the threat landscape for developer ecosystems worldwide. This sophisticated supply chain attack leverages trojanized extensions in both the Microsoft Visual Studio Marketplace and OpenVSX, targeting developers by impersonating widely used tools such as Flutter, React, Tailwind, Vim, and Vue. The campaign's primary objectives are credential harvesting, cryptocurrency wallet draining, and the conscription of developer endpoints into attacker-controlled infrastructure. Notably, GlassWorm employs advanced evasion tactics, including the use of invisible Unicode characters for code obfuscation and blockchain-based command and control (C2) via the Solana blockchain: the pointer to the current C2 address lives on a public ledger that no hosting provider or registrar can take down, so conventional sinkholing and takedown efforts do little. The worm's self-propagating nature, combined with its ability to compromise additional packages using stolen credentials, poses a serious risk to the integrity of software supply chains and the security of organizations dependent on these ecosystems.

Threat Actor Profile

Attribution for the GlassWorm campaign remains inconclusive. The operational security, technical sophistication, and rapid evolution of tactics suggest a highly skilled and well-resourced threat actor, but no direct links to known Advanced Persistent Threat (APT) groups have been established in open-source reporting. The campaign demonstrates a deep understanding of developer workflows, marketplace vetting processes, and the nuances of supply chain trust relationships. The use of blockchain for C2, rapid update cycles, and artificial download inflation further indicate a threat actor with both technical acumen and strategic intent to maximize reach and persistence.

Technical Analysis of Malware/TTPs

GlassWorm propagates through malicious extensions uploaded to the Visual Studio Code Marketplace and OpenVSX. These extensions are crafted to mimic legitimate, popular developer tools, often with near-identical names and descriptions. The infection vector is amplified by artificially inflating download counts and manipulating search rankings, increasing the likelihood of installation by unsuspecting users.

Upon installation, the extension drops a Rust-compiled native implant: os.node on Windows and darwin.node on macOS. The .node suffix is the file extension for Node.js native addons, which is exactly the kind of module an extension host loads without any further user interaction. On Windows the implant persists through the Run keys under HKCU\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\Software\Microsoft\Windows\CurrentVersion\Run, so it is launched at every user logon. Writing the HKLM key requires administrative rights; its presence therefore indicates the implant ran elevated at some point.

The malware’s C2 infrastructure is multi-layered. The primary C2 mechanism leverages a Solana blockchain wallet (28PKnu7RzizxBzFPoLp69HLXp9bJL3JFtT2s5QzHsEA2) to retrieve C2 addresses, providing resilience against takedown. As a backup, the implant parses events from a Google Calendar instance (e.g., https://calendar.app.google/M2ZCvM8ULL56PD1d6, organizer: uhjdclolkdn@gmail.com). Hardcoded IPs such as 217.69.3.218 and exfiltration endpoints like 140.82.52.31:80/wall serve as direct payload delivery and data exfiltration channels.

GlassWorm’s capabilities include:

  • Harvesting credentials for npm, OpenVSX, GitHub, and Git.

  • Draining assets from a wide array of cryptocurrency wallet extensions.

  • Lateral movement by leveraging stolen credentials to compromise additional developer accounts and packages, enabling worm-like, exponential spread.

  • Deploying SOCKS proxies and hidden VNC servers, transforming infected endpoints into nodes for further malicious activity.

  • Obfuscating malicious code using invisible Unicode characters, thwarting both manual code review and automated static analysis.

  • Rapid update cycles, where benign versions are initially uploaded to pass marketplace vetting, followed by swift deployment of malicious updates.
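The invisible-Unicode obfuscation above is worth seeing concretely. The scanner below is an added example written for this page, not code from GlassWorm, Rescana or the vendors cited in the references. Which code points it treats as invisible (Unicode format characters, the variation selectors and the Hangul fillers) and the one-byte-per-variation-selector mapping in encode_hidden() are this example's own choices, not a description of the real implant. It builds a small constructed JavaScript sample whose string literal carries hidden bytes, then shows what a reviewer sees, where the hidden code points sit, and what a scanner can recover from them.

```python
"""Find invisible Unicode code points hidden in extension source.

Added example, not code from GlassWorm, Rescana or the referenced vendors. The
choice of which code points count as invisible, and the byte-to-code-point mapping
in encode_hidden(), are this example's own; the JavaScript sample is constructed.
"""
import unicodedata

# Variation selectors are combining marks (category Mn) that render as nothing, so a
# category check alone misses them; list them explicitly. 16 + 240 = 256 of them,
# which is why they make a convenient one-code-point-per-byte carrier.
VS_BASIC = range(0xFE00, 0xFE10)        # VS1..VS16
VS_SUPP = range(0xE0100, 0xE01F0)       # VS17..VS256
HANGUL_FILLERS = {0x3164, 0xFFA0}       # render as blank space


def is_invisible(ch):
    """True for code points that render as nothing: format characters (ZWSP, ZWJ,
    bidi controls, BOM, tags), variation selectors, and the Hangul fillers."""
    cp = ord(ch)
    return (cp in VS_BASIC or cp in VS_SUPP or cp in HANGUL_FILLERS
            or unicodedata.category(ch) == "Cf")


def find_invisible(source):
    """Every invisible code point as (line, column, 'U+XXXX', name), 1-based."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if is_invisible(ch):
                hits.append((lineno, col, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return hits


def hidden_runs(source, min_run=8):
    """(offset, length) of each run of consecutive invisible code points at least
    min_run long. A stray ZWJ is noise; a long run is the shape a payload takes."""
    runs, start = [], None
    for i, ch in enumerate(source):
        if is_invisible(ch):
            start = i if start is None else start
        elif start is not None:
            if i - start >= min_run:
                runs.append((start, i - start))
            start = None
    if start is not None and len(source) - start >= min_run:
        runs.append((start, len(source) - start))
    return runs


def visible_only(source):
    """What a reviewer's eyes see: the source with every invisible code point removed."""
    return "".join(ch for ch in source if not is_invisible(ch))


def encode_hidden(data):
    """Map each byte to one variation selector (0-15 -> VS1..16, 16-255 -> VS17..256).
    This mapping is this example's illustration, not a claim about the real implant."""
    return "".join(chr(VS_BASIC[b]) if b < 16 else chr(VS_SUPP[b - 16]) for b in data)


def decode_hidden(text):
    """Recover the bytes carried by variation selectors anywhere in text, ignoring the rest."""
    out = bytearray()
    for ch in text:
        cp = ord(ch)
        if cp in VS_BASIC:
            out.append(cp - VS_BASIC.start)
        elif cp in VS_SUPP:
            out.append(cp - VS_SUPP.start + 16)
    return bytes(out)


# Constructed sample: a harmless-looking activate() whose string literal carries bytes.
HIDDEN = encode_hidden(b"os.node")
SAMPLE_JS = (
    "const activate = () => {\n"
    '  const marker = "' + HIDDEN + '";\n'
    "  run(marker);\n"
    "};\n"
)

if __name__ == "__main__":
    print("reviewer sees:\n" + visible_only(SAMPLE_JS))
    for line, col, cp, name in find_invisible(SAMPLE_JS):
        print(f"line {line} col {col}: {cp} {name}")
    print("runs:", hidden_runs(SAMPLE_JS, min_run=4))
    print("carried bytes:", decode_hidden(SAMPLE_JS))
```

Run stand-alone, the script prints the sample as a reviewer would read it (an empty string literal), the seven hidden code points on line 2, and the bytes they carry. The practical rule that follows is to fail review on any run of invisible code points inside a string literal: a single stray BOM or zero-width joiner is a formatting accident, a run of hundreds is a payload.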

Exploitation in the Wild

Since October 2025, GlassWorm has been observed in multiple active waves, with new malicious extensions continuously appearing in both the VS Code and OpenVSX marketplaces. The campaign's extensions have accumulated tens of thousands of downloads, although part of that figure is the operators' own inflation of download counts, so it is an upper bound rather than a count of victims. Infected machines have been used for further attacks, cryptocurrency theft, and as nodes in a distributed criminal infrastructure. Because VS Code installs extension updates automatically by default, an extension that was benign when it was installed can be replaced by a malicious version silently and without any user action. Stolen credentials have been used to compromise additional packages, creating a self-sustaining cycle of infection and lateral movement across the developer ecosystem.

Victimology and Targeting

GlassWorm is opportunistic in its targeting, affecting a broad spectrum of victims across the global software development landscape. The primary targets are individual developers, open-source contributors, and organizations that rely on Visual Studio Code and OpenVSX extensions. There is no evidence of geographic or sector-specific targeting; rather, the campaign seeks to maximize reach and impact by compromising widely used tools and frameworks. The theft of credentials and cryptocurrency assets, combined with the use of infected machines for further attacks, amplifies the risk to both individuals and organizations.

Mitigation and Countermeasures

Immediate action is required to contain and remediate GlassWorm infections. Organizations and developers should:

  • Audit every extension installed in VS Code and in OpenVSX-backed editors such as VSCodium. This report does not list the malicious extension identifiers, so take the current list from the vendor reports in the references, and treat any extension that impersonates Flutter, React, Tailwind, Vim or Vue under a publisher other than the project's own as suspect. Search the extension directories for the indicators given above: the os.node and darwin.node implants and the C2 strings.

  • Treat a hit as a full host compromise. Rotate every npm, OpenVSX, GitHub and Git credential and token that was present on the machine, doing so from a clean system, and review recent publishes and pushes made with those accounts, since the worm uses stolen credentials to push malicious updates to packages the victim maintains. Move funds out of any cryptocurrency wallet that was used on the host.

  • Block and alert on the C2 IPs and the Google Calendar URL at the network boundary. The Solana wallet address is not a network destination and cannot be blocked as one; use it as a content indicator when scanning files and traffic, and alert on outbound connections to public Solana RPC endpoints from developer hosts, which normally have no reason to make them.

  • On endpoints, look for os.node and darwin.node under the extension directories, inspect the HKCU and HKLM Run keys for entries that launch them, and check for SOCKS proxy or VNC listeners that the owner did not configure.

  • Disable automatic extension updates where feasible and enforce a centrally managed allowlist of approved extensions, so that an extension that was benign at install time cannot swap in a malicious version without review.

  • If compromise is suspected, initiate a full forensic analysis that accounts for lateral movement and credential theft, and engage incident response resources as necessary.
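The audit, endpoint and settings checks above, as one added hunting script written for this page (not Rescana's tooling nor anything from the referenced vendors). It assumes default single-user extension roots (~/.vscode/extensions, and ~/.vscode-oss/extensions for VSCodium and other OpenVSX-backed builds) and the default location of the user settings.json; the implant names, Run keys and network indicators are the ones quoted in this report, and the rule for what counts as a suspicious Run entry is this example's own heuristic. The settings it audits are VS Code's own extensions.autoUpdate, extensions.autoCheckUpdates and extensions.allowed; the last of these only exists in recent releases, so confirm it against the version in use before relying on it for an allowlist.

```python
"""Hunt for the GlassWorm indicators in this report on a developer workstation.

Added example (not Rescana's tooling nor any referenced vendor's): it checks the
implant file names, the quoted network indicators inside extension source, the two
Windows Run keys named above, and VS Code's extension auto-update settings. The
extension and settings paths are assumptions about a default single-user install.
"""
import json
import os
import re
import sys
from pathlib import Path

IMPLANT_NAMES = {"os.node", "darwin.node"}
SOURCE_SUFFIXES = {".js", ".cjs", ".mjs", ".json"}
NETWORK_IOCS = (  # indicators quoted in the report, matched as plain substrings
    "28PKnu7RzizxBzFPoLp69HLXp9bJL3JFtT2s5QzHsEA2",  # Solana wallet used for C2 lookup
    "calendar.app.google/M2ZCvM8ULL56PD1d6",         # Google Calendar fallback C2
    "uhjdclolkdn@gmail.com",                         # calendar organizer
    "217.69.3.218",                                  # hardcoded payload IP
    "140.82.52.31",                                  # exfiltration endpoint
)
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"  # checked under HKCU and HKLM


def scan_file(relpath, data):
    """Findings for one extension file, given its path and raw bytes."""
    path, findings = Path(relpath), []
    if path.name in IMPLANT_NAMES:
        findings.append({"type": "implant-file", "path": str(relpath)})
    if path.suffix in SOURCE_SUFFIXES:
        text = data.decode("utf-8", errors="replace")
        findings += [{"type": "network-ioc", "path": str(relpath), "ioc": i} for i in NETWORK_IOCS if i in text]
    return findings


def scan_extension_dir(root, max_bytes=5_000_000):
    """Walk one extension root: ~/.vscode/extensions or the VSCodium/OpenVSX ~/.vscode-oss layout."""
    root, findings = Path(root), []
    for path in (root.rglob("*") if root.is_dir() else []):
        try:
            if path.is_file() and path.stat().st_size <= max_bytes:
                findings += scan_file(path, path.read_bytes())
        except OSError:
            continue
    return findings


def suspicious_run_value(command):
    """Heuristic of this example: a Run entry that launches a .node file or anything out of
    an extension directory is not something a developer configures by hand."""
    c = command.lower().replace("/", "\\")
    return bool(re.search(r"\.node\b", c)) or "\\.vscode\\extensions\\" in c or "\\.vscode-oss\\" in c


def check_run_keys():
    """On Windows, enumerate the HKCU and HKLM Run values and flag suspicious commands."""
    if sys.platform != "win32":
        return []
    import winreg  # Windows-only standard library module
    findings = []
    for hive_name, hive in (("HKCU", winreg.HKEY_CURRENT_USER), ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        try:
            key = winreg.OpenKey(hive, RUN_KEY)
        except OSError:
            continue
        with key:
            for index in range(winreg.QueryInfoKey(key)[1]):  # [1] is the value count
                name, value, _ = winreg.EnumValue(key, index)
                if suspicious_run_value(str(value)):
                    findings.append({"type": "run-key", "key": f"{hive_name}\\{RUN_KEY}",
                                     "name": name, "command": str(value)})
    return findings


def audit_settings(settings_text):
    """Flag permissive update settings in a VS Code settings.json (plain JSON assumed).
    extensions.autoUpdate and extensions.autoCheckUpdates are long-standing settings;
    extensions.allowed (central allowlist) is newer, so confirm it for the version in use."""
    try:
        settings = json.loads(settings_text)
    except json.JSONDecodeError:
        return ["settings.json is not plain JSON; review manually"]
    issues = [f"{k} is not false" for k in ("extensions.autoUpdate", "extensions.autoCheckUpdates")
              if settings.get(k, True) is not False]
    if "extensions.allowed" not in settings:
        issues.append("extensions.allowed is not set (no central allowlist)")
    return issues


def main():
    home = Path.home()
    roots = [home / ".vscode" / "extensions", home / ".vscode-oss" / "extensions"]
    config_dir = {"win32": Path(os.environ.get("APPDATA", home)) / "Code",
                  "darwin": home / "Library" / "Application Support" / "Code"}.get(sys.platform, home / ".config" / "Code")
    settings = config_dir / "User" / "settings.json"
    findings = [f for root in roots for f in scan_extension_dir(root)] + check_run_keys()
    if settings.is_file():
        findings += [{"type": "weak-setting", "issue": i} for i in audit_settings(settings.read_text(encoding="utf-8"))]
    for finding in findings:
        print(json.dumps(finding))
    print(f"{len(findings)} finding(s)")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

The script exits non-zero when it finds anything, so it can be pushed through endpoint management and the results collected centrally. Read the findings with the caveats from the steps above in mind: an implant file or a Run entry is a confirmed compromise, a network indicator inside extension source is strong, and a settings finding is a hardening gap rather than an infection.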

References

The following open-source intelligence sources provide further technical details and ongoing updates regarding the GlassWorm campaign:

  • The Hacker News: GlassWorm Returns with 24 Malicious Extensions

  • Truesec: GlassWorm – Self-Propagating VSCode Extension Worm

  • Koi.ai: GlassWorm First Self-Propagating Worm Using Invisible Code

  • Secure Annex: GlassWorm Campaign Analysis

  • NVD - National Vulnerability Database: nvd.nist.gov (no CVE assigned as of this report)

  • MITRE ATT&CK Framework: attack.mitre.org

  • OpenVSX Security Advisories: open-vsx.org/advisories

  • Microsoft Visual Studio Marketplace Security: marketplace.visualstudio.com/security

About Rescana

Rescana is a leader in third-party risk management (TPRM), providing organizations with a comprehensive platform to continuously monitor, assess, and mitigate cyber risks across their digital supply chains. Our advanced threat intelligence and automation capabilities empower security teams to proactively identify and respond to emerging threats, ensuring the resilience and integrity of your business operations. For more information or to discuss how Rescana can help strengthen your organization’s cyber defense posture, we are happy to answer questions at ops@rescana.com.
