GlassWorm Malware Resurfaces: 3 Malicious VSCode Extensions Discovered on OpenVSX Supply Chain
- Rescana
- 2 days ago
- 4 min read

Executive Summary
The GlassWorm malware campaign has re-emerged on the OpenVSX registry, targeting the Visual Studio Code (VSCode) ecosystem with three newly identified malicious extensions. These extensions, which have collectively been downloaded over 10,000 times, employ advanced obfuscation techniques—specifically, invisible Unicode characters—to evade both static and manual code analysis. The malware leverages the Solana blockchain for payload delivery and command-and-control (C2) communication, enabling the exfiltration of developer credentials and cryptocurrency wallet data. This incident underscores the persistent and evolving threat of supply-chain attacks within open-source developer tooling, and highlights the critical need for robust extension vetting, credential hygiene, and continuous monitoring within development environments.
Threat Actor Profile
The operators behind the GlassWorm campaign are Russian-speaking threat actors with a demonstrated proficiency in supply-chain attack methodologies. They utilize the RedExt open-source C2 browser extension framework to manage compromised endpoints and orchestrate lateral movement. While there is no direct attribution to a specific Advanced Persistent Threat (APT) group, the tactics, techniques, and procedures (TTPs) observed in this campaign are consistent with those of highly skilled, financially motivated cybercriminals. The group has previously targeted JavaScript projects on GitHub using similar Unicode steganography, indicating a broad and adaptive targeting strategy focused on developer ecosystems and open-source supply chains.
Technical Analysis of Malware/TTPs
The GlassWorm malware is distributed via malicious VSCode extensions uploaded to the OpenVSX registry. The three confirmed extensions carrying the GlassWorm payload as of November 2025 are ai-driven-dev.ai-driven-dev, adhamu.history-in-sublime-merge, and yasuyuky.transient-emacs. All current versions of these extensions are considered compromised, and any installation or update after October 2025 should be treated as potentially malicious.
The primary infection vector is the installation of these extensions by unsuspecting users. The malware’s JavaScript payload is heavily obfuscated using invisible Unicode characters, a technique that allows it to bypass both automated static analysis and manual code review. Upon execution, the malware establishes outbound connections to attacker-controlled C2 endpoints, some of which are dynamically resolved via Solana blockchain transactions. This blockchain-based C2 mechanism provides resilience against takedown efforts and complicates traditional network-based detection.
Once active, GlassWorm targets a wide array of sensitive data, including GitHub, NPM, and OpenVSX account credentials, as well as cryptocurrency wallet data from 49 wallet-related extensions. The malware is not self-replicating in the traditional sense, but it leverages stolen credentials to compromise additional accounts and publish further malicious packages, enabling a form of exponential spread within the developer community.
The campaign’s infrastructure includes updated C2 endpoints and persistence mechanisms, such as registry modifications on Windows systems (e.g., HKCU\Software\Microsoft\Windows\CurrentVersion\Run), to ensure continued access and data exfiltration. The use of the RedExt C2 framework allows operators to manage infected hosts, deploy additional payloads, and coordinate credential theft operations at scale.
Exploitation in the Wild
The exploitation phase of the GlassWorm campaign has been observed globally, with confirmed infections in the United States, South America, Europe, Asia, and at least one government entity in the Middle East. The initial access is achieved through the installation of malicious OpenVSX extensions, often by developers seeking new or updated functionality. Once installed, the malware immediately begins harvesting credentials and wallet data, which are exfiltrated to attacker-controlled infrastructure.
The campaign is notable for its use of blockchain-based C2, which allows payloads and instructions to be delivered via Solana transactions, making traditional domain or IP-based blocking ineffective. At least 60 distinct victims have been identified from a single exposed attacker endpoint, but the true scope of the campaign is likely much broader given the download statistics and the nature of supply-chain propagation.
Following the containment of the initial OpenVSX outbreak, the threat actors have pivoted to targeting JavaScript projects on GitHub using similar obfuscation techniques, indicating a persistent focus on developer-centric supply chains.
Victimology and Targeting
The GlassWorm campaign primarily targets software developers, open-source contributors, and organizations that rely on VSCode and OpenVSX extensions. The affected sectors include software development, cryptocurrency, and any enterprise or individual utilizing the compromised extensions. The global reach of the campaign is evidenced by infections across multiple continents and sectors, with a particular emphasis on environments where credential theft can facilitate further supply-chain compromise.
The targeting is opportunistic but highly effective, as the compromised extensions are distributed through legitimate channels and often installed by users with elevated privileges or access to sensitive repositories. The theft of credentials not only enables direct financial gain through cryptocurrency theft but also provides the attackers with the means to compromise additional projects and propagate the malware further.
Mitigation and Countermeasures
Immediate action is required to contain and remediate the GlassWorm threat. All organizations and individuals should audit their VSCode environments and remove the following extensions without delay: ai-driven-dev.ai-driven-dev, adhamu.history-in-sublime-merge, and yasuyuky.transient-emacs. Any system where these extensions were installed must be considered compromised, and all associated credentials—including GitHub, NPM, OpenVSX, and cryptocurrency wallet keys—should be rotated immediately.
Security teams should implement monitoring for obfuscated code, particularly invisible Unicode characters, within all extensions and dependencies. Network logs should be reviewed for suspicious outbound connections, especially those involving Solana blockchain transactions or previously unknown C2 endpoints. Automated security scanning tools capable of detecting Unicode steganography and dynamic payload fetching should be integrated into the extension vetting process.
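The two audit steps above (checking installed extensions against the three identifiers named in this advisory, and looking for invisible Unicode characters in extension JavaScript) can be scripted. The following is an added example, not Rescana's tooling or anything from the sources cited below. It assumes the usual VSCode layout where each installed extension lives in a folder named publisher.name-version under ~/.vscode/extensions (or ~/.vscode-oss/extensions for Code - OSS builds), and it treats "invisible Unicode" as the zero-width, variation-selector and Tags-block code points plus anything in Unicode's Cf (format) category; that set is the example's own interpretation, not a list of characters the advisory attributes to GlassWorm. The sample sources at the bottom are constructed for illustration and are not taken from the malware.

```python
"""Audit a VSCode extension tree for the two indicators named in the advisory:
known-bad extension identifiers and invisible Unicode in JavaScript sources."""
import os
import re
import sys
import unicodedata
from collections import Counter

# Extension identifiers listed in the advisory (publisher.name, compared case-insensitively).
KNOWN_MALICIOUS_EXTENSIONS = {
    "ai-driven-dev.ai-driven-dev",
    "adhamu.history-in-sublime-merge",
    "yasuyuky.transient-emacs",
}

# Code points that render as nothing in an editor. Assumption: this is what the
# advisory means by "invisible Unicode"; the Cf category check below widens it.
INVISIBLE_RANGES = [
    (0x200B, 0x200F),    # zero-width space / joiners, bidi marks
    (0x2060, 0x2064),    # word joiner, invisible operators
    (0xFE00, 0xFE0F),    # variation selectors
    (0xFEFF, 0xFEFF),    # zero-width no-break space (BOM)
    (0xE0000, 0xE007F),  # Unicode "Tags" block
    (0xE0100, 0xE01EF),  # variation selectors supplement
]


def is_invisible(ch):
    """True for characters that take no visible space in source (tabs/newlines are not flagged)."""
    cp = ord(ch)
    if any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES):
        return True
    return unicodedata.category(ch) == "Cf"


def scan_source(text):
    """Map line number -> Counter of invisible code points, for lines that contain any."""
    findings = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits = Counter(f"U+{ord(c):04X}" for c in line if is_invisible(c))
        if hits:
            findings[lineno] = hits
    return findings


def normalize_extension_id(folder_name):
    """Strip the trailing '-<version>' VSCode appends to extension folder names."""
    return re.sub(r"-\d+(\.\d+)*(-[\w.]+)?$", "", folder_name).lower()


def flagged_extension_ids(installed_names):
    """Subset of installed extensions (folder names or bare ids) that the advisory lists."""
    return {normalize_extension_id(n) for n in installed_names} & KNOWN_MALICIOUS_EXTENSIONS


def audit_extensions_dir(root):
    """Return (flagged ids, {js path: findings}) for one extensions directory."""
    if not os.path.isdir(root):
        return set(), {}
    flagged = flagged_extension_ids(os.listdir(root))
    unicode_hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith((".js", ".mjs", ".cjs")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_source(fh.read())
                if found:
                    unicode_hits[path] = found
    return flagged, unicode_hits


# Constructed samples (not malware code): a clean file and one line that hides
# Tags-block characters and a zero-width space after an innocuous statement.
CLEAN_SAMPLE = "const greet = (name) => `Hello, ${name}!`; // café\n"
HIDDEN_SAMPLE = (
    "const cfg = {};\n"
    "const key = 'x';\U000E0068\U000E0069\u200b\n"
    "module.exports = cfg;\n"
)

if __name__ == "__main__":
    roots = sys.argv[1:] or [os.path.expanduser(p) for p in
                             ("~/.vscode/extensions", "~/.vscode-oss/extensions")]
    for root in roots:
        flagged, hits = audit_extensions_dir(root)
        print(f"{root}: flagged ids={sorted(flagged)}; files with invisible chars={len(hits)}")
        for path, lines in hits.items():
            for lineno, counts in lines.items():
                print(f"  {path}:{lineno} {dict(counts)}")
    print("self-check:", scan_source(CLEAN_SAMPLE), scan_source(HIDDEN_SAMPLE))
```

Run it with no arguments to audit the default extension directories, or pass one or more directories explicitly. A hit on the identifier check means the host should be handled as compromised per the guidance above; a Unicode finding is a triage signal rather than proof, since a few legitimate files carry a BOM (U+FEFF) on line 1, so review the flagged line before acting.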
Organizations are strongly encouraged to coordinate with law enforcement and share indicators of compromise (IOCs) with trusted threat intelligence partners. Developer education on the risks of supply-chain attacks and secure credential management is essential to reducing the attack surface. Finally, collaboration with extension marketplaces and the broader security community will be critical in identifying and responding to future campaigns.
References
BleepingComputer: GlassWorm malware returns on OpenVSX with 3 new VSCode extensions – https://www.bleepingcomputer.com/news/security/glassworm-malware-returns-on-openvsx-with-3-new-vscode-extensions/
Koi Security: GlassWorm campaign tracking – https://www.koi.ai/blog/glassworm-first-self-propagating-worm-using-invisible-code-hits-openvsx-marketplace
Truesec: GlassWorm – Self-Propagating VSCode Extension Worm – https://www.truesec.com/hub/blog/glassworm-self-propagating-vscode-extension
MITRE ATT&CK: T1195.002, T1574.006, T1555, T1027, T1550 – https://attack.mitre.org/
OpenVSX Security Advisory – https://open-vsx.org/
About Rescana
Rescana is a leader in third-party risk management and supply chain security. Our platform empowers organizations to continuously monitor, assess, and mitigate risks across their digital ecosystem, providing actionable intelligence and automated workflows to secure the software supply chain. For further information or to discuss this advisory, we are happy to answer questions at ops@rescana.com.