
GlassWorm Supply Chain Attack Exploits Open VSX Registry to Infect VSCode Extensions with Advanced Malware

  • Rescana
  • 4 minutes ago
  • 4 min read

Executive Summary

A critical supply chain attack has been identified targeting the Open VSX Registry, a popular repository for Visual Studio Code (VSCode) extensions. Threat actors leveraged a compromised developer account to inject malicious code into legitimate extensions, distributing the advanced GlassWorm malware. This campaign demonstrates a new level of sophistication in software supply chain attacks, with the malware exhibiting self-propagation, credential theft, and advanced persistence mechanisms. Over 35,000 downloads of infected extensions have been recorded, with evidence of active exploitation in the wild. Organizations and individual developers using Open VSX or VSCode Marketplace extensions are at significant risk and must take immediate action to mitigate exposure.

Threat Actor Profile

The threat actors behind the GlassWorm campaign have demonstrated a high degree of technical proficiency and operational security. The attack chain began with the compromise of a legitimate developer’s Open VSX publishing credentials, likely through credential theft or token leakage. The adversaries exhibit characteristics consistent with Russian-speaking cybercriminals, as evidenced by locale checks within the malware that prevent execution on systems configured for Russian language. No public attribution to a specific Advanced Persistent Threat (APT) group has been made, but the campaign’s scale, automation, and evasion techniques suggest a well-resourced and experienced actor with a focus on maximizing reach and persistence within the software development ecosystem.

Technical Analysis of Malware/TTPs

GlassWorm is a multi-stage, self-propagating malware loader designed to compromise developer environments and exfiltrate sensitive data. The initial infection vector is a malicious update to a legitimate Open VSX extension, published using stolen developer credentials. Upon installation, the extension executes obfuscated JavaScript code, often employing invisible Unicode characters to evade static analysis and detection.
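Detecting the invisible-Unicode trick described above is straightforward once you know which code points to look for. The scanner below is an added example written for this page, not Rescana's tooling or anything taken from the malware: it flags characters in JavaScript source that render as blank in an editor (format, unassigned and private-use code points, plus a short list of visibly-blank marks and fillers that is an assumption and can be extended). The sample source it scans is constructed.

```python
import sys
import unicodedata
from typing import List, Tuple

# Unicode general categories that never produce a visible glyph:
# Cf = format (zero-width space/joiner, bidi controls, BOM), Cn = unassigned,
# Co = private use.
HIDDEN_CATEGORIES = {"Cf", "Cn", "Co"}

# Code points in visible categories that still render blank in most editors.
# Assumption: this list covers the usual carriers; extend it as needed.
HIDDEN_RANGES = [
    (0x115F, 0x1160),    # Hangul choseong/jungseong fillers (category Lo)
    (0x2028, 0x2029),    # line / paragraph separator (Zl / Zp)
    (0x3164, 0x3164),    # Hangul filler (category Lo)
    (0xFE00, 0xFE0F),    # variation selectors (category Mn)
    (0xE0100, 0xE01EF),  # variation selectors supplement (category Mn)
]

# (line number, zero-based column, "U+XXXX", Unicode character name)
Hit = Tuple[int, int, str, str]


def is_hidden(ch: str) -> bool:
    """True if the character would be invisible in a normal code editor."""
    if unicodedata.category(ch) in HIDDEN_CATEGORIES:
        return True
    cp = ord(ch)
    return any(lo <= cp <= hi for lo, hi in HIDDEN_RANGES)


def find_invisible(source: str) -> List[Hit]:
    """Return every hidden code point in `source` with its position."""
    hits: List[Hit] = []
    # Split on "\n" only: str.splitlines() would treat U+2028 as a line
    # break and the offending character would vanish from the report.
    for lineno, line in enumerate(source.split("\n"), start=1):
        for col, ch in enumerate(line):
            if is_hidden(ch):
                name = unicodedata.name(ch, "<unnamed>")
                hits.append((lineno, col, f"U+{ord(ch):04X}", name))
    return hits


def scan_file(path: str) -> List[Hit]:
    """Scan one file; undecodable bytes are replaced rather than dropped."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_invisible(fh.read())


# Constructed sample: a normal line, then two lines carrying zero-width
# characters and a stray BOM of the kind used to hide payload fragments.
SAMPLE_SOURCE = (
    "const greet = (name) => console.log('hello ' + name);\n"
    "const cfg = 'abc\u200b\u200ddef';\n"
    "run(\ufeffcfg);\n"
)

if __name__ == "__main__":
    paths = sys.argv[1:]
    if paths:
        results = [(p, scan_file(p)) for p in paths]
    else:
        results = [("<sample>", find_invisible(SAMPLE_SOURCE))]
    for path, hits in results:
        for lineno, col, cp, name in hits:
            print(f"{path}:{lineno}:{col}: {cp} {name}")
```

Run it over the `extension.js` and bundled files of every installed extension (`python scan.py ~/.vscode/extensions/*/*.js`); a legitimate extension almost never needs zero-width or bidi control characters inside a string literal, so any hit deserves a manual look.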

The malware’s primary capabilities include:

Credential theft: GlassWorm systematically harvests credentials for NPM, GitHub, Git, and various cloud providers, as well as browser-stored passwords and cryptocurrency wallet data. Targeted wallets include MetaMask, Electrum, Exodus, Atomic, Ledger Live, Trezor Suite, Binance, and TonKeeper.

Persistence: The malware establishes persistence on Windows systems by creating registry run keys under HKCU\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\Software\Microsoft\Windows\CurrentVersion\Run, ensuring execution upon system startup.

Remote access: GlassWorm deploys hidden VNC servers and SOCKS proxies, effectively converting compromised developer machines into nodes within a criminal infrastructure, enabling remote control and lateral movement.

Self-propagation: Leveraging stolen credentials, the malware automatically attempts to compromise additional Open VSX and VSCode Marketplace extensions, publishing new malicious versions and exponentially increasing its reach.

Command and control (C2): The malware utilizes a triple-layered C2 infrastructure, including direct IP connections (e.g., 217.69.3.218), blockchain-based dead drops via the Solana network, and backup channels using Google Calendar events. This multi-pronged approach complicates takedown efforts and enhances resilience.

Evasion: In addition to code obfuscation, GlassWorm performs locale checks to avoid infecting Russian systems, decrypts payloads at runtime, and leverages legitimate cloud services for C2 communication.

The information exfiltrated by GlassWorm includes browser data (logins, cookies, history, wallet extensions), cryptocurrency wallet files, iCloud Keychain databases, Safari cookies, Apple Notes, user documents, FortiClient VPN configurations, and developer credentials stored in ~/.aws, ~/.ssh, NPM _authToken, and GitHub tokens.

Exploitation in the Wild

The GlassWorm campaign has resulted in widespread exploitation, with over 35,800 downloads of infected extensions from the Open VSX Registry and at least 22,000 downloads from the VSCode Marketplace before the malicious packages were removed. The attack was first observed in late October 2025, with new malicious extensions continuing to appear as recently as February 2026. The self-propagating nature of the malware has enabled rapid and automated compromise of additional developer accounts and packages, amplifying the scale of the incident. Organizations in the software development, IT, and cryptocurrency sectors are particularly affected, but the global reach of VSCode and Open VSX means that any user of these platforms is potentially at risk.

Victimology and Targeting

The primary targets of the GlassWorm campaign are developers and organizations utilizing Open VSX and VSCode Marketplace extensions. The attack is indiscriminate in terms of geography, with the notable exception of Russian systems, which are explicitly excluded via locale checks. Sectors most at risk include software development, IT services, and cryptocurrency, given the malware’s focus on stealing developer credentials and digital wallet data. The campaign’s automation and self-propagation mechanisms have resulted in a broad victimology, with both individual developers and large organizations affected. The theft of credentials and subsequent compromise of additional packages pose a significant risk to the integrity of the software supply chain, potentially enabling downstream attacks on end users and enterprise environments.

Mitigation and Countermeasures

Immediate action is required to contain and remediate the impact of the GlassWorm supply chain attack. Organizations and individuals should audit all installed VSCode and Open VSX extensions, specifically checking for the presence of the following malicious versions:

  • oorzc.ssh-tools v0.5.1
  • oorzc.i18n-tools-plus v1.6.8
  • oorzc.mind-map v1.0.61
  • oorzc.scss-to-css-compile v1.3.4
  • codejoy.codejoy-vscode-extension v1.8.3 and v1.8.4
  • l-igh-t.vscode-theme-seti-folder v1.2.3
  • kleinesfilmroellchen.serenity-dsl-syntaxhighlight v0.3.2
  • JScearcy.rust-doc-viewer v4.2.1
  • SIRILMP.dark-theme-sm v3.11.4
  • CodeInKlingon.git-worktree-menu v1.0.9 and v1.0.91
  • ginfuru.better-nunjucks v0.3.2
  • ellacrity.recoil v0.7.4
  • grrrck.positron-plus-1-e v0.0.71
  • jeronimoekerdt.color-picker-universal v2.8.91
  • srcery-colors.srcery-colors v0.3.9
  • sissel.shopify-liquid v4.0.1
  • TretinV3.forts-api-extention v0.3.1
  • cline-ai-main.cline-ai-agent v3.1.3

If any of these extensions are found, they must be immediately removed, and all associated developer credentials (NPM, GitHub, SSH, cloud) should be revoked and rotated. Systems should be scanned for persistence mechanisms, such as suspicious registry run keys, and for the presence of hidden VNC servers or SOCKS proxies. Network monitoring should be implemented to detect connections to known C2 infrastructure, including 217.69.3.218, 140.82.52.31:80/wall, and Solana wallet 28PKnu7RzizxBzFPoLp69HLXp9bJL3JFtT2s5QzHsEA2. Organizations are advised to disable auto-update for extensions and implement a centralized allowlist for approved packages. Security teams should review logs for abnormal activity, such as unauthorized access to cloud resources or code repositories, and consider deploying endpoint detection and response (EDR) solutions capable of identifying obfuscated JavaScript and suspicious process behavior.
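The audit and monitoring steps above can be scripted against the indicators this advisory lists. The checker below is an added example written for this page, not Rescana's tooling: it parses the output of `code --list-extensions --show-versions` (VS Code's own CLI, which prints one `publisher.name@version` per line) against the malicious versions listed above, and scans log lines for the two C2 addresses and the Solana wallet string. The log format is a constructed assumption; adapt `flag_log_lines` to the fields your proxy or firewall actually emits.

```python
import re
import subprocess
import sys
from typing import Dict, Iterable, List, Set, Tuple

# Malicious extension versions from the advisory, keyed by lowercased
# publisher.name (VS Code treats extension ids case-insensitively).
MALICIOUS_VERSIONS: Dict[str, Set[str]] = {
    "oorzc.ssh-tools": {"0.5.1"},
    "oorzc.i18n-tools-plus": {"1.6.8"},
    "oorzc.mind-map": {"1.0.61"},
    "oorzc.scss-to-css-compile": {"1.3.4"},
    "codejoy.codejoy-vscode-extension": {"1.8.3", "1.8.4"},
    "l-igh-t.vscode-theme-seti-folder": {"1.2.3"},
    "kleinesfilmroellchen.serenity-dsl-syntaxhighlight": {"0.3.2"},
    "jscearcy.rust-doc-viewer": {"4.2.1"},
    "sirilmp.dark-theme-sm": {"3.11.4"},
    "codeinklingon.git-worktree-menu": {"1.0.9", "1.0.91"},
    "ginfuru.better-nunjucks": {"0.3.2"},
    "ellacrity.recoil": {"0.7.4"},
    "grrrck.positron-plus-1-e": {"0.0.71"},
    "jeronimoekerdt.color-picker-universal": {"2.8.91"},
    "srcery-colors.srcery-colors": {"0.3.9"},
    "sissel.shopify-liquid": {"4.0.1"},
    "tretinv3.forts-api-extention": {"0.3.1"},
    "cline-ai-main.cline-ai-agent": {"3.1.3"},
}

# Network indicators from the advisory.
C2_IPS = {"217.69.3.218", "140.82.52.31"}
C2_STRINGS = {"28PKnu7RzizxBzFPoLp69HLXp9bJL3JFtT2s5QzHsEA2"}  # Solana dead-drop wallet

# One "publisher.name@version" per line, as printed by the VS Code CLI.
EXT_LINE = re.compile(r"^([\w-]+\.[\w.-]+)@(\S+)$")
# Match an address only as a whole token, so 217.69.3.218 is not found
# inside 217.69.3.2180 or 1217.69.3.218.
IP_PATTERNS = {ip: re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
               for ip in C2_IPS}


def audit_extensions(listing: str) -> List[Tuple[str, str]]:
    """Return (extension id, version) pairs that match a listed bad version."""
    flagged: List[Tuple[str, str]] = []
    for raw in listing.splitlines():
        m = EXT_LINE.match(raw.strip())
        if not m:
            continue
        ext_id, version = m.group(1).lower(), m.group(2)
        if version in MALICIOUS_VERSIONS.get(ext_id, set()):
            flagged.append((ext_id, version))
    return flagged


def audit_installed() -> List[Tuple[str, str]]:
    """Ask the local VS Code CLI for its extension list and audit it."""
    out = subprocess.run(["code", "--list-extensions", "--show-versions"],
                         capture_output=True, text=True, check=True).stdout
    return audit_extensions(out)


def flag_log_lines(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line number, reason) for lines referencing a C2 indicator."""
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(lines, start=1):
        for ip, pat in IP_PATTERNS.items():
            if pat.search(line):
                hits.append((lineno, f"C2 address {ip}"))
        for s in C2_STRINGS:
            if s in line:
                hits.append((lineno, f"C2 dead-drop string {s}"))
    return hits


# Constructed sample data: a CLI listing with two listed versions and one
# near miss, and proxy/firewall lines of an assumed format.
SAMPLE_LISTING = """\
ms-python.python@2024.22.0
esbenp.prettier-vscode@11.0.0
CodeInKlingon.git-worktree-menu@1.0.91
oorzc.ssh-tools@0.5.0
cline-ai-main.cline-ai-agent@3.1.3
"""
SAMPLE_LOG = [
    "2026-02-10T09:14:02Z dev-ws-17 proxy GET http://140.82.52.31:80/wall 200",
    "2026-02-10T09:14:05Z dev-ws-17 fw ALLOW tcp 10.0.4.21:52113 -> 217.69.3.218:443",
    "2026-02-10T09:14:07Z dev-ws-17 proxy GET https://registry.npmjs.org/ 200",
    "2026-02-10T09:14:09Z dev-ws-22 fw ALLOW tcp 10.0.4.22:52114 -> 217.69.3.21:443",
]

if __name__ == "__main__":
    live = "--live" in sys.argv  # audit this machine instead of the sample
    for ext, ver in (audit_installed() if live else audit_extensions(SAMPLE_LISTING)):
        print(f"REMOVE {ext}@{ver}: version listed in the GlassWorm advisory")
    for lineno, reason in flag_log_lines(SAMPLE_LOG):
        print(f"log line {lineno}: {reason}")
```

Note the near miss in the sample: `oorzc.ssh-tools@0.5.0` is not flagged because only v0.5.1 is listed, and `217.69.3.21` is not flagged because the address pattern requires the whole token to match. A hit from `audit_extensions` is the trigger for the credential rotation described above, since the malicious version ran with the developer's tokens the moment it was installed.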

References

The following sources provide additional technical details and ongoing updates regarding the GlassWorm supply chain attack:

About Rescana

Rescana is a leader in third-party risk management (TPRM), providing organizations with a comprehensive platform to assess, monitor, and mitigate cyber risks across their digital supply chain. Our advanced analytics and continuous monitoring capabilities empower security teams to proactively identify and address vulnerabilities, ensuring the resilience of your business ecosystem. For questions or further assistance, our experts are available at ops@rescana.com.
