
GlassWorm Malware Infects Thousands via Malicious Visual Studio Code Extensions: Supply Chain Attack Report

  • Rescana
  • 57 minutes ago


Executive Summary

A critical supply chain attack, identified as GlassWorm, has been uncovered within the Visual Studio Code (VS Code) extension ecosystem. This campaign leverages malicious extensions to infiltrate developer environments, exfiltrate sensitive credentials, and propagate itself in a worm-like fashion. The attack is characterized by advanced obfuscation techniques, including the use of invisible Unicode characters, and a resilient blockchain-based command and control (C2) infrastructure. The three primary extensions implicated—ai-driven-dev.ai-driven-dev, adhamu.history-in-sublime-merge, and yasuyuky.transient-emacs—have collectively amassed thousands of installations, placing a broad spectrum of organizations at risk. The campaign has resulted in confirmed compromises across government, enterprise, and software development sectors globally. Immediate action is required to mitigate ongoing risk and prevent further propagation.

Threat Actor Profile

The GlassWorm campaign is attributed to a Russian-speaking threat actor exhibiting a high degree of operational security and technical sophistication. The actor utilizes the open-source browser extension C2 framework RedExt and demonstrates advanced persistence mechanisms, including blockchain-based C2 channels. The campaign’s infrastructure is designed for rapid reconfiguration and takedown resistance, leveraging the Solana blockchain to dynamically update C2 endpoints. The actor’s tactics indicate a focus on credential theft, financial gain via cryptocurrency wallet targeting, and the establishment of proxy infrastructure for further criminal operations. Keylogger data inadvertently exfiltrated from the attacker’s own machine has provided rare attribution clues, reinforcing the assessment of a Russian-speaking origin.

Technical Analysis of Malware/TTPs

GlassWorm operates through a multi-stage attack chain initiated by the installation of malicious VS Code extensions. The initial vector involves the publication of trojanized extensions on both the Open VSX Registry and the Microsoft Extension Marketplace. The malicious payload is obfuscated using invisible Unicode characters, such as zero-width spaces and non-breaking spaces, which evade static code analysis and signature-based detection.

Upon installation, the extension executes scripts that harvest credentials from the local environment, including Open VSX, GitHub, and Git credentials. The malware specifically targets 49 different cryptocurrency wallet extensions, enabling the theft of digital assets. Stolen credentials are then used to compromise additional extensions, allowing the malware to self-propagate in a worm-like manner across the VS Code ecosystem.

The malware establishes persistence by modifying Windows registry keys, specifically HKCU\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\Software\Microsoft\Windows\CurrentVersion\Run, ensuring execution upon system startup. For remote access, GlassWorm deploys additional tools, including SOCKS proxy servers and hidden VNC servers, granting the attacker full control over infected machines.

Command and control is maintained via endpoints dynamically referenced through Solana blockchain transactions. Infected hosts periodically query the blockchain for updated C2 addresses, significantly complicating takedown efforts. As a backup, the malware can also utilize Google Calendar events as an alternative C2 channel. Exfiltration of data occurs over HTTP to hardcoded endpoints, and infected machines may be conscripted into a criminal proxy network.

The campaign’s tactics, techniques, and procedures (TTPs) align with several MITRE ATT&CK techniques, including T1059 (Command and Scripting Interpreter), T1078 (Valid Accounts), T1556 (Modify Authentication Process), T1566 (Phishing), T1105 (Ingress Tool Transfer), and T1090 (Proxy).

Exploitation in the Wild

Active exploitation of GlassWorm has been observed in the wild, with confirmed infections across the United States, South America, Europe, Asia and, notably, a major government entity in the Middle East. The campaign has compromised thousands of developer environments, leveraging stolen GitHub credentials to push malicious commits and further expand its reach. Infected machines have been observed acting as proxy infrastructure, facilitating additional criminal activity and complicating incident response efforts.

The rapid propagation of the malware is facilitated by its ability to compromise new extensions using harvested credentials, creating a self-sustaining infection cycle. The use of blockchain-based C2 channels has enabled the attacker to maintain operational continuity despite takedown efforts by extension marketplaces and security vendors.

Victimology and Targeting

The GlassWorm campaign exhibits broad targeting, with victims identified in government, enterprise, software development, and cryptocurrency sectors. The attack is opportunistic, exploiting the widespread adoption of VS Code and the trust placed in its extension ecosystem. The inclusion of cryptocurrency wallet extensions as specific targets indicates a financial motivation, while the compromise of government and enterprise networks suggests potential for both espionage and monetization.

Victims are geographically dispersed, with confirmed cases in the United States, South America, Europe, Asia, and the Middle East. The campaign’s ability to leverage stolen credentials for lateral movement and further compromise underscores the risk to organizations with interconnected development environments and supply chains.

Mitigation and Countermeasures

Immediate mitigation steps are essential to contain the GlassWorm threat. Organizations must uninstall the affected extensions—ai-driven-dev.ai-driven-dev, adhamu.history-in-sublime-merge, and yasuyuky.transient-emacs—from all VS Code environments. All credentials associated with Open VSX, GitHub, and Git on systems where these extensions were present should be rotated without delay.

A comprehensive audit of repositories and recent commits is necessary to identify unauthorized activity, particularly if GitHub credentials were exposed. Security teams should monitor the Solana blockchain for suspicious transactions that may reference C2 endpoints and review network logs for connections to known malicious infrastructure, including 217.69.3.218 and 140.82.52.31:80/wall.

Threat hunting efforts should focus on detecting invisible Unicode characters within extension code and scripts, as well as identifying persistence mechanisms in the Windows registry. Network segmentation should be employed to isolate potentially infected machines and prevent lateral movement. Organizations are strongly advised to implement extension hygiene policies: install only from trusted publishers, maintain an inventory of approved extensions, and consider centralized allowlisting for VS Code extensions.
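The following Python hunt script is an added example, not part of the Rescana report; it applies two of the checks above to a local VS Code extensions directory: it flags the three extension IDs the report names and locates any invisible Unicode code points (the obfuscation described in the technical analysis) in extension JavaScript. The `<publisher>.<name>-<version>` folder layout, the `INVISIBLE_EXTRA` set and the sample sources are assumptions constructed for the demo.

```python
"""Hunt for GlassWorm indicators in a VS Code extensions directory (added example)."""
import tempfile
import unicodedata
from pathlib import Path
# Extension IDs (publisher.name) the report names as trojanized.
BLOCKED_EXTENSIONS = {"ai-driven-dev.ai-driven-dev",
                      "adhamu.history-in-sublime-merge",
                      "yasuyuky.transient-emacs"}
# Category Cf ("format") covers zero-width spaces/joiners, BOM and bidi controls; NBSP
# (U+00A0, category Zs) and a few blank-looking letters are added by assumption.
INVISIBLE_EXTRA = {"\u00a0", "\u115f", "\u1160", "\u3164", "\u2800"}

def find_invisible_chars(source: str):
    """Return (line, column, 'U+XXXX') for every invisible code point in source."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if unicodedata.category(ch) == "Cf" or ch in INVISIBLE_EXTRA:
                hits.append((lineno, col, f"U+{ord(ch):04X}"))
    return hits

def scan_extensions_dir(ext_root: Path):
    """Walk <ext_root>/<publisher>.<name>-<version>/ and return (extension_id, kind, detail)."""
    findings = []
    for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        ext_id = ext_dir.name.rsplit("-", 1)[0]  # strip the trailing -<version>
        if ext_id in BLOCKED_EXTENSIONS:
            findings.append((ext_id, "BLOCKED_EXTENSION", None))
        for js in sorted(ext_dir.rglob("*.js")):
            hits = find_invisible_chars(js.read_text(encoding="utf-8", errors="replace"))
            if hits:  # keep the first few positions so an analyst can jump to them
                findings.append((ext_id, "INVISIBLE_UNICODE",
                                 (js.relative_to(ext_dir).as_posix(), hits[:3])))
    return findings

# Constructed sample sources: one clean, one with hidden code points inserted.
SAMPLE_CLEAN = "const x = 1;\nmodule.exports = { activate() {} };\n"
SAMPLE_HIDDEN = "const x = 1;\u200b\u200b\u200d\nconst y =\u00a0'ok';\n"

def demo():
    """Build a constructed extensions tree in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "example.clean-ext-1.0.0").mkdir()
        (root / "example.clean-ext-1.0.0" / "extension.js").write_text(SAMPLE_CLEAN, encoding="utf-8")
        bad = root / "adhamu.history-in-sublime-merge-1.0.0"  # version string is constructed
        (bad / "dist").mkdir(parents=True)
        (bad / "dist" / "extension.js").write_text(SAMPLE_HIDDEN, encoding="utf-8")
        return scan_extensions_dir(root)
```

For a real host, call `scan_extensions_dir(Path.home() / ".vscode" / "extensions")` instead of `demo()`; any `Cf` code point in shipped extension JavaScript warrants manual review even if it is not GlassWorm.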

Ongoing user education regarding the risks of supply chain attacks and the importance of credential security is also recommended. Incident response plans should be updated to account for the unique propagation and persistence mechanisms employed by GlassWorm.

About Rescana

Rescana is a leader in third-party risk management (TPRM), providing organizations with a comprehensive platform to assess, monitor, and mitigate cyber risks across their supply chain. Our advanced threat intelligence and automation capabilities empower security teams to proactively identify and address vulnerabilities, ensuring robust protection against evolving threats. For more information or to discuss how Rescana can support your organization’s cybersecurity posture, we are happy to answer questions at ops@rescana.com.
