GlassWorm Malware Infects Visual Studio Code Extensions: Open VSX and GitHub Supply Chain Attack Analysis
- Rescana

Executive Summary
The resurgence of GlassWorm marks a significant escalation in the threat landscape for software supply chains, particularly those leveraging the Open VSX Registry and GitHub as distribution and collaboration platforms. GlassWorm is a highly sophisticated, self-propagating malware campaign that exploits the trust inherent in the Visual Studio Code (VS Code) extension ecosystem. By leveraging advanced obfuscation techniques, blockchain-based command and control (C2), and credential harvesting, GlassWorm has demonstrated the ability to rapidly compromise developer environments and propagate itself through both extension marketplaces and source code repositories. The campaign’s re-emergence on Open VSX and its expansion to GitHub repositories underscores the evolving tactics of threat actors targeting the software development supply chain. This advisory provides a comprehensive technical analysis, threat actor profiling, exploitation details, victimology, and actionable mitigation strategies to help organizations defend against this critical threat.
Threat Actor Profile
The operators behind GlassWorm are assessed to be Russian-speaking cybercriminals with a high degree of technical sophistication. Their operational toolkit includes the open-source browser extension C2 framework RedExt, and they demonstrate a deep understanding of both the VS Code extension architecture and the broader software supply chain. The campaign exhibits hallmarks of advanced supply chain attacks, including the use of invisible Unicode characters for code obfuscation, multi-layered C2 infrastructure, and rapid credential abuse for lateral movement. While no direct attribution to a known Advanced Persistent Threat (APT) group has been established, the tactics, techniques, and procedures (TTPs) employed suggest a well-resourced and highly motivated adversary with a focus on maximizing reach and persistence within developer ecosystems.
Technical Analysis of Malware/TTPs
GlassWorm is engineered to exploit the extension-based architecture of VS Code by embedding malicious payloads within seemingly benign extensions. The infection vector primarily involves the distribution of compromised extensions via the Open VSX Registry and the Microsoft VS Code Marketplace. The malware leverages invisible Unicode characters—such as zero-width spaces and non-breaking spaces—to obfuscate malicious code, rendering it nearly invisible during manual code reviews and static analysis.
Upon installation, the malicious extension executes a multi-stage payload. The initial stage focuses on harvesting sensitive credentials, including NPM, GitHub, and Git authentication tokens. These credentials are exfiltrated to attacker-controlled infrastructure, enabling the threat actor to compromise additional developer accounts and propagate the worm to new repositories and extensions.
A notable feature of GlassWorm is its triple-layered C2 architecture. The primary C2 channel utilizes direct IP connections for payload delivery and data exfiltration, with endpoints such as 217.69.3.218 and 140.82.52.31:80/wall. As a fallback, the malware leverages the Solana blockchain by posting transactions containing updated C2 endpoints to the wallet 28PKnu7RzizxBzFPoLp69HLXp9bJL3JFtT2s5QzHsEA2. Additionally, a Google Calendar event, organized by uhjdclolkdn@gmail.com, serves as a tertiary C2 channel, providing resilience against takedown efforts.
The malware’s capabilities extend beyond credential theft. It targets 49 different cryptocurrency wallet extensions, installs hidden VNC servers and SOCKS proxies for remote access, and establishes persistence via Windows registry keys (HKCU\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\Software\Microsoft\Windows\CurrentVersion\Run). The self-propagating nature of GlassWorm is facilitated by the automated abuse of stolen credentials to publish malicious code to additional extensions and repositories, creating a rapidly expanding infection footprint.
Exploitation in the Wild
Active exploitation of GlassWorm has been observed since October 2025, with a marked increase in infections reported through November. The malware has been distributed via both newly published and previously trusted extensions on the Open VSX Registry and the Microsoft VS Code Marketplace. Notable malicious extensions include codejoy.codejoy-vscode-extension@1.8.3, l-igh-t.vscode-theme-seti-folder@1.2.3, kleinesfilmroellchen.serenity-dsl-syntaxhighlight@0.3.2, and cline-ai-main.cline-ai-agent@3.1.3, among others.
The campaign’s propagation strategy involves the automated compromise of developer accounts, which are then used to inject malicious code into additional extensions and GitHub repositories. This has resulted in thousands of downloads of infected extensions and the compromise of numerous open-source projects. Infected developer machines are repurposed as part of the attacker’s infrastructure, serving as proxies and remote access points, thereby increasing the risk of lateral movement within organizational networks.
Victimology and Targeting
The primary targets of GlassWorm are software developers and organizations that rely on VS Code extensions and open-source collaboration platforms. The campaign has affected a broad spectrum of sectors, including software development, cryptocurrency, government, and general IT infrastructure. Geographically, victims have been identified in the United States, South America, Europe, Asia, and a major government entity in the Middle East. The indiscriminate nature of the campaign, combined with its focus on supply chain compromise, poses a systemic risk to organizations of all sizes and industries that depend on open-source software and collaborative development workflows.
Mitigation and Countermeasures
Organizations are strongly advised to conduct an immediate audit of all installed VS Code extensions, with particular attention to those listed as malicious in this advisory. Any instance of a compromised extension should trigger a full credential rotation for NPM, GitHub, and Git accounts associated with the affected environment. Network monitoring should be implemented to detect and block connections to known C2 infrastructure, including 217.69.3.218, 140.82.52.31:80/wall, and the associated payload URLs.
It is critical to review recent GitHub and NPM activity for unauthorized commits or package uploads, as these may indicate further compromise. Organizations should consider disabling auto-update functionality for extensions and implementing a centralized allowlist to control which VS Code extensions can be installed within their environments. Endpoint detection and response (EDR) solutions should be configured to monitor for persistence mechanisms, such as modifications to the Windows registry keys identified above.
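The extension audit and allowlist check recommended above can be scripted against the output of `code --list-extensions --show-versions`. The following is an added example, not Rescana tooling: the malicious identifiers come from this advisory, the allowlist is a hypothetical organisational policy, and the listing it audits is a constructed stand-in for the CLI output.

```python
# Extension builds this advisory names as malicious (publisher.name@version).
MALICIOUS_EXTENSIONS = {
    "codejoy.codejoy-vscode-extension@1.8.3",
    "l-igh-t.vscode-theme-seti-folder@1.2.3",
    "kleinesfilmroellchen.serenity-dsl-syntaxhighlight@0.3.2",
    "cline-ai-main.cline-ai-agent@3.1.3",
}

# Hypothetical allowlist of extension IDs an organisation has approved.
ALLOWLIST = {"ms-python.python", "esbenp.prettier-vscode"}

# Constructed sample of `code --list-extensions --show-versions` output.
SAMPLE_LISTING = """\
ms-python.python@2024.22.0
codejoy.codejoy-vscode-extension@1.8.3
esbenp.prettier-vscode@11.0.0
cline-ai-main.cline-ai-agent@3.1.4
some-publisher.unreviewed-tool@0.0.1
"""


def parse_listing(text):
    """Turn 'publisher.name@version' lines into (extension_id, version) pairs;
    extension IDs are case-insensitive, so they are normalised to lower case."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or "@" not in line:
            continue
        ext_id, _, version = line.rpartition("@")
        pairs.append((ext_id.lower(), version))
    return pairs


def audit(listing, malicious=MALICIOUS_EXTENSIONS, allowlist=ALLOWLIST):
    """Bucket each installed extension: exact match on a listed malicious build,
    a different version of a flagged extension ID (needs manual review),
    or not on the allowlist at all."""
    flagged_ids = {m.rpartition("@")[0] for m in malicious}
    report = {"malicious": [], "flagged_id_other_version": [], "not_allowlisted": []}
    for ext_id, version in parse_listing(listing):
        full = f"{ext_id}@{version}"
        if full in malicious:
            report["malicious"].append(full)
        elif ext_id in flagged_ids:
            report["flagged_id_other_version"].append(full)
        if ext_id not in allowlist:
            report["not_allowlisted"].append(full)
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_LISTING)
    for bucket, items in result.items():
        print(f"{bucket}: {items}")
    if result["malicious"]:
        print("Listed malicious build present: rotate NPM, GitHub and Git credentials.")
```

To audit a real workstation, pipe the CLI output in: `code --list-extensions --show-versions | python3 audit.py` with `SAMPLE_LISTING` replaced by `sys.stdin.read()`.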
Security teams are encouraged to leverage threat intelligence feeds and the latest indicators of compromise (IOCs) provided in this report to enhance detection and response capabilities. Regular security awareness training for developers, emphasizing the risks associated with third-party extensions and the importance of credential hygiene, is also recommended.
About Rescana
Rescana is a leader in third-party risk management (TPRM), providing organizations with a comprehensive platform to assess, monitor, and mitigate cyber risks across their digital supply chains. Our advanced threat intelligence and automation capabilities empower security teams to proactively identify and address vulnerabilities, ensuring the resilience of critical business operations. For more information or to discuss how Rescana can support your organization’s cybersecurity strategy, we are happy to answer questions at ops@rescana.com.