
GlassWorm Supply-Chain Attack Exploits Open VSX Extensions to Target Developer Environments


Executive Summary

The GlassWorm supply-chain attack represents a critical escalation in the threat landscape targeting developer ecosystems. Since late January 2026, threat actors have abused at least 72 Open VSX extensions, leveraging transitive dependencies and extension packs to propagate sophisticated malware. This campaign is characterized by its technical complexity, stealthy delivery mechanisms, and broad impact, with over 9 million installs of malicious extensions reported. The attackers’ objectives include credential theft, exfiltration of secrets, cryptocurrency wallet draining, and the conscription of infected developer endpoints as proxies. The campaign’s use of advanced evasion tactics, such as heavy obfuscation and blockchain-based command-and-control (C2) infrastructure, underscores the urgent need for heightened vigilance and robust supply-chain security controls.

Threat Actor Profile

The GlassWorm campaign has been active since at least October 2025, first identified by Koi Security. While there is no direct attribution to a known Advanced Persistent Threat (APT) group, the operational security, tradecraft, and technical sophistication suggest a highly skilled and well-resourced adversary. The campaign demonstrates a deep understanding of open-source software distribution, developer workflows, and the nuances of extension ecosystems. Some overlap with the PhantomRaven campaign has been observed, particularly in tactics and infrastructure, but recent npm-related activity appears to be the work of a separate actor or a security research experiment. The threat actors have shown a preference for avoiding Russian and CIS locales, indicating possible geopolitical motivations or operational constraints.

Technical Analysis of Malware/TTPs

The GlassWorm attack chain is multi-staged and leverages the inherent trust in open-source extension repositories. The infection begins with the publication of a benign-appearing extension to Open VSX, often mimicking popular developer tools such as linters, formatters, or AI coding assistants. In subsequent updates, the attacker introduces a malicious dependency or extension pack reference via the extensionPack or extensionDependencies fields in the package.json manifest. This transitive relationship ensures that when the benign extension is installed or updated, the malicious payload is silently delivered alongside it.

Upon installation, the malicious extension executes a heavily obfuscated JavaScript loader. This loader employs locale and timezone checks to avoid execution in Russian environments, a classic execution guardrail technique. The loader then leverages the Solana blockchain as a dead drop resolver, parsing transaction memos to dynamically retrieve the C2 server address. This approach complicates traditional network-based detection and takedown efforts.

The final payload is executed in-memory and is capable of credential harvesting, secret exfiltration, cryptocurrency wallet draining, and establishing proxy capabilities on the infected host. The malware uses AES encryption for C2 communications, with hardcoded keys and initialization vectors observed in multiple samples. The campaign also employs staged JavaScript loaders and frequent rotation of Solana wallets and C2 infrastructure to evade detection and disruption.

Notable malicious extensions include angular-studio.ng-angular-extension, crotoapp.vscode-xml-extension, gvotcha.claude-code-extension, mswincx.antigravity-cockpit, tamokill12.foundry-pdf-extension, turbobase.sql-turbo-tool, vce-brendan-studio-eich.js-debuger-vscode, otoboss.autoimport-extension, federicanc.dotenv-syntax-highlighting, twilkbilk.color-highlight-css, and aadarkcode.one-dark-material. The full list of affected extensions and technical indicators is available via Socket.dev and other referenced advisories.

Indicators of compromise include Solana wallets BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC and 6YGcuyFRJKZtcaYCCFba9fScNUvPkGXodXE1mJiSzqDJ, C2 IP addresses 45.32.150.251, 45.32.151.157, and 70.34.242.255, and AES crypto material wDO6YyTm6DL0T0zJ0SXhUql5Mo0pdlSz (key) and c4b9a3773e9dced6015a670855fd32b (IV). Malicious npm packages such as @aifabrix/miso-client and @iflow-mcp/watercrawl-watercrawl-mcp have also been linked to the campaign, as have over 151 compromised GitHub repositories.

Exploitation in the Wild

The GlassWorm campaign has achieved significant scale, with over 9 million installs of malicious extensions reported as of March 2026. The attack is ongoing, with new malicious extensions and updates being discovered and removed on a rolling basis. Some extensions remain live, underscoring the challenges of timely detection and response in decentralized extension ecosystems.

Attackers have demonstrated advanced social engineering capabilities, using realistic commit messages, documentation updates, and publisher names that closely mimic legitimate projects (e.g., daeumer-web.es-linter-for-vs-code vs. dbaeumer). Large language models are likely being used to generate plausible cover commits and documentation, further complicating manual review and detection efforts.

The campaign’s impact is global, affecting organizations and individual developers across all sectors that rely on open-source developer tooling. While there is no explicit evidence of country-specific targeting, the malware’s avoidance of Russian locales suggests a deliberate exclusion of certain geographies.

Victimology and Targeting

The primary targets of the GlassWorm campaign are developer workstations and organizations that depend on open-source extensions and packages, particularly those using Open VSX, npm, and GitHub. Sectors at heightened risk include software development, open-source projects, cryptocurrency, and any enterprise with developer endpoints. The attackers’ objectives are multifaceted: harvesting credentials and secrets, draining cryptocurrency wallets, and leveraging infected systems as proxies for further malicious activity.

No explicit targeting of specific countries has been observed, but the campaign’s technical guardrails exclude Russian and CIS environments. The broad distribution of malicious extensions and the use of typosquatting techniques indicate a strategy focused on maximizing reach and persistence within the global developer community.

Mitigation and Countermeasures

Immediate action is required to mitigate the risks posed by the GlassWorm campaign. Organizations should conduct a comprehensive audit of all installed Open VSX extensions, with particular attention to recent changes in extensionPack and extensionDependencies fields. Any extension, IP address, or Solana wallet listed in the indicators of compromise should be blocked or removed without delay.
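The audit recommended above, and the transitive extensionPack / extensionDependencies delivery described under Technical Analysis, as an added example that is not Rescana's tooling or part of Open VSX: it walks a local extensions directory, builds the reference graph from each manifest, and reports the chain through which an installed extension reaches a blocklisted ID. The directory layout (one folder per extension containing package.json), the two-entry blocklist drawn from the IDs named on this page, and the "example.*" fixture extensions are assumptions.

```python
# Added example (not Rescana's or Open VSX's tooling). Assumes the VS Code /
# VSCodium layout <dir>/<publisher>.<name>-<version>/package.json; the
# blocklist is a subset of the extension IDs named in the advisory.
import json, os, tempfile

KNOWN_MALICIOUS = {"turbobase.sql-turbo-tool", "otoboss.autoimport-extension"}

def load_manifests(extensions_dir):
    """Map extension id -> ids it pulls in through pack/dependency fields."""
    graph = {}
    for entry in os.listdir(extensions_dir):
        manifest = os.path.join(extensions_dir, entry, "package.json")
        if os.path.isfile(manifest):
            with open(manifest, encoding="utf-8") as fh:
                pkg = json.load(fh)
            pulled = pkg.get("extensionPack", []) + pkg.get("extensionDependencies", [])
            # Extension IDs are case-insensitive, so normalise before matching.
            graph[f"{pkg['publisher']}.{pkg['name']}".lower()] = [p.lower() for p in pulled]
    return graph

def find_malicious_paths(graph, blocklist=KNOWN_MALICIOUS):
    """Return {installed_id: [installed_id, ..., blocklisted_id]} for every
    extension that is blocklisted itself or transitively references one.
    Referenced IDs that are not installed yet are still checked, so a manifest
    update that adds a malicious reference is caught before the next install."""
    findings = {}
    for root in graph:
        stack, seen = [[root]], set()          # depth-first walk, cycle-safe
        while stack:
            path = stack.pop()
            node = path[-1]
            if node in blocklist:
                findings[root] = path
                break
            if node not in seen:
                seen.add(node)
                stack.extend(path + [child] for child in graph.get(node, []))
    return findings

def build_sample_dir():
    """Constructed fixture: a lookalike linter whose pack pulls a hypothetical
    helper whose dependencies name a blocklisted ID, plus one clean theme."""
    root = tempfile.mkdtemp()
    samples = [
        ("daeumer-web", "es-linter-for-vs-code", {"extensionPack": ["example.helper-pack"]}),
        ("example", "helper-pack", {"extensionDependencies": ["Turbobase.SQL-Turbo-Tool"]}),
        ("example", "clean-theme", {}),
    ]
    for publisher, name, extra in samples:
        folder = os.path.join(root, f"{publisher}.{name}-1.0.0")
        os.makedirs(folder)
        with open(os.path.join(folder, "package.json"), "w", encoding="utf-8") as fh:
            json.dump({"publisher": publisher, "name": name, **extra}, fh)
    return root
```

Run `find_malicious_paths(load_manifests(build_sample_dir()))` to see the fixture flagged; point `load_manifests` at a real `~/.vscode/extensions` directory and extend `KNOWN_MALICIOUS` with the full list from the referenced advisories for a live audit.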

Security teams should monitor developer endpoints for signs of obfuscated JavaScript loaders, Solana memo lookups, and suspicious network connections. In-memory payloads may have accessed credentials, tokens, and secrets, necessitating a review and potential rotation of sensitive assets. Vigilance against typosquatting is essential; extensions with publisher names that closely resemble legitimate projects should be scrutinized and, if necessary, removed.

Organizations are advised to implement robust supply-chain security controls, including automated dependency and extension scanning, behavioral monitoring, and network segmentation for developer environments. Regular threat intelligence updates and collaboration with extension repository maintainers will enhance detection and response capabilities.

About Rescana

Rescana is a leader in third-party risk management (TPRM), providing organizations with a comprehensive platform to continuously monitor, assess, and mitigate cyber risks across their digital supply chains. Our advanced analytics and threat intelligence capabilities empower security teams to proactively identify and respond to emerging threats in real time. For questions or to request a detailed audit of your developer environments, we are happy to assist at ops@rescana.com.
