
GlassWorm Supply Chain Attack: Self-Spreading Malware Infects Visual Studio Code (VS Code) Extensions via OpenVSX and Microsoft Marketplace

  • Rescana
  • Oct 26


Executive Summary

A critical and highly sophisticated supply chain attack has emerged, leveraging a self-propagating malware known as GlassWorm to infect Visual Studio Code (VS Code) extensions. The campaign primarily targets the OpenVSX marketplace but has also breached the official Microsoft VS Code Marketplace. GlassWorm employs advanced evasion techniques, including invisible Unicode character obfuscation, and utilizes decentralized, blockchain-based command and control (C2) infrastructure. The malware is designed to harvest developer credentials, propagate itself automatically to new extensions, and establish persistent, covert access to compromised systems. This incident represents a watershed moment in the evolution of software supply chain threats, with the potential to impact tens of thousands of developers and organizations globally. Immediate action is required to assess exposure, contain the threat, and remediate affected environments.

Threat Actor Profile

Attribution for the GlassWorm campaign remains unconfirmed as of this report. The technical sophistication demonstrated—such as the use of blockchain for resilient C2, Unicode-based code obfuscation, and automated credential chaining—suggests a highly skilled and well-resourced threat actor. While no specific Advanced Persistent Threat (APT) group has been publicly linked, the tactics, techniques, and procedures (TTPs) align with actors experienced in supply chain compromise and developer ecosystem targeting. The campaign’s global reach and focus on developer infrastructure indicate a strategic intent to maximize lateral movement and downstream impact, rather than opportunistic or financially motivated cybercrime alone.

Technical Analysis of Malware/TTPs

GlassWorm is engineered as a self-replicating worm that exploits the trust inherent in the VS Code extension ecosystem. The initial infection vector involves the injection of malicious code into legitimate extensions, which are then published to OpenVSX and, in at least one case, the Microsoft VS Code Marketplace. The malicious payload is obfuscated using invisible Unicode characters, such as variation selectors, rendering it nearly undetectable to both human reviewers and static analysis tools.
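The following scanner, written here as an added example rather than code from the report or from any detection vendor, shows how a defender can surface the kind of invisible-Unicode padding described above. It walks an extension directory (the default VS Code location ~/.vscode/extensions is assumed), treats Unicode variation selectors and other zero-width format characters as "invisible", and reports runs of them. The minimum run length of 4 is an assumption: legitimate source rarely contains more than a single variation selector (for example the U+FE0F that follows an emoji), so a long consecutive run is the signal worth reviewing.

```python
"""Flag runs of invisible Unicode characters in extension source files (added example)."""
from dataclasses import dataclass, field
from pathlib import Path
import sys

# Code point ranges treated as invisible. Variation selectors are the ones the
# report names; the zero-width and format characters are added here as the
# other common hiding places (assumption, not from the report).
INVISIBLE_RANGES = (
    (0xFE00, 0xFE0F),    # Variation Selectors VS1-VS16
    (0xE0100, 0xE01EF),  # Variation Selectors Supplement VS17-VS256
    (0x200B, 0x200F),    # zero width space/joiner/non-joiner, LRM, RLM
    (0x2060, 0x2064),    # word joiner and invisible operators
    (0xFEFF, 0xFEFF),    # zero width no-break space (legitimate only as a leading BOM)
)


def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    return any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES)


@dataclass
class Run:
    line: int            # 1-based line number
    col: int             # 0-based column where the run starts
    length: int = 0
    codepoints: list = field(default_factory=list)


def find_invisible_runs(text: str) -> list:
    """Return every maximal run of consecutive invisible characters in text."""
    runs, current = [], None
    line, col = 1, 0
    for i, ch in enumerate(text):
        if ch == "\n":
            if current:
                runs.append(current)
                current = None
            line, col = line + 1, 0
            continue
        # A BOM at byte offset 0 is normal encoding metadata, not obfuscation.
        if is_invisible(ch) and not (i == 0 and ch == "\ufeff"):
            if current is None:
                current = Run(line, col)
            current.length += 1
            current.codepoints.append(f"U+{ord(ch):04X}")
        elif current:
            runs.append(current)
            current = None
        col += 1
    if current:
        runs.append(current)
    return runs


def suspicious_runs(text: str, min_run: int = 4) -> list:
    """Keep only runs long enough to be unlikely in ordinary source (threshold is an assumption)."""
    return [r for r in find_invisible_runs(text) if r.length >= min_run]


def scan_extensions(root: Path, suffixes=(".js", ".ts", ".json"), min_run: int = 4) -> dict:
    """Map each file under root that contains a suspicious run to its list of runs."""
    findings = {}
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        runs = suspicious_runs(text, min_run)
        if runs:
            findings[str(path)] = runs
    return findings


# Constructed samples: one ordinary line with an emoji (single VS16), and one line
# padded with a hidden 12-character run of variation selectors after the statement.
SAMPLE_CLEAN = 'const banner = "Deployed \u2764\ufe0f";\n'
SAMPLE_HIDDEN = ("const x = 1;" + "".join(chr(0xFE00 + (i % 16)) for i in range(12))
                 + "\nconsole.log(x);\n")

if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / ".vscode" / "extensions"
    for file, runs in scan_extensions(root).items():
        for r in runs:
            print(f"{file}:{r.line}:{r.col} run of {r.length} invisible chars ({r.codepoints[0]}...)")
```

Run it with no arguments to scan the default extension directory, or pass another path. Hits should be triaged by looking at the surrounding code: a run sitting in the middle of an otherwise ordinary statement, as in the constructed sample, is the pattern to review.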

Upon installation, the infected extension executes a multi-stage payload. The first stage enumerates local credential stores, extracting NPM, GitHub, and Git credentials. These credentials are exfiltrated to attacker-controlled infrastructure and immediately leveraged to compromise additional developer accounts and publish further infected packages, creating an exponential, worm-like propagation effect.

The malware establishes persistence by creating registry keys under HKCU\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\Software\Microsoft\Windows\CurrentVersion\Run, ensuring execution upon system startup. For command and control, GlassWorm primarily utilizes the Solana blockchain, embedding C2 instructions in blockchain transactions that are virtually impossible to disrupt. As a fallback, the malware can retrieve C2 data from Google Calendar events controlled by the attacker (organizer: uhjdclolkdn@gmail.com). Direct C2 communication is also observed with IP addresses such as 217.69.3.218 and 140.82.52.31:80/wall.

The payload further deploys hidden VNC servers for remote access, installs SOCKS proxy servers to conscript developer machines into criminal proxy networks, and specifically targets 49 different cryptocurrency wallet extensions for credential theft. Peer-to-peer control channels are established using WebRTC and BitTorrent DHT, providing additional resilience and decentralization.

Exploitation in the Wild

The GlassWorm campaign was first detected on October 17, 2025. By October 19, at least one infected extension remained live in the Microsoft VS Code Marketplace, and 14 distinct builds across both marketplaces had been confirmed as malicious, with a combined download count exceeding 35,800. The worm’s credential chaining mechanism enabled rapid, automated compromise of new packages and developer accounts, outpacing initial containment efforts. Notably, 10 extensions continued to distribute the malware two days after the initial public disclosure, underscoring the challenge of eradicating a self-propagating supply chain threat.

Victims have reported unauthorized publication of new packages, credential theft, and the presence of unauthorized remote access tools on developer workstations. The campaign’s focus on cryptocurrency wallet extensions further suggests a secondary objective of financial theft, in addition to its primary goal of ecosystem-wide compromise.

Victimology and Targeting

The GlassWorm attack indiscriminately targets the global developer community, with a particular focus on organizations and individuals utilizing VS Code extensions from OpenVSX and the Microsoft Marketplace. Sectors at elevated risk include software development, DevOps, fintech, and any enterprise with a dependency on open-source developer tooling. The campaign’s global reach is facilitated by the widespread adoption of VS Code and the default auto-update behavior of its extension system, which enables silent, large-scale infection without user intervention. No specific country or region has been singled out, but the impact is inherently global due to the nature of the targeted platforms.

Mitigation and Countermeasures

Immediate mitigation steps are essential to contain and remediate the GlassWorm threat. Organizations should conduct a comprehensive audit of all installed VS Code extensions, cross-referencing the list of known malicious versions and associated indicators of compromise (IOCs). Auto-update functionality for extensions should be disabled until the integrity of the supply chain can be assured. Network monitoring should be implemented to detect connections to the identified C2 infrastructure, including the Solana wallet address and suspicious Google Calendar events.

Persistence mechanisms should be checked by inspecting the Windows registry keys under both HKCU and HKLM paths as specified above. All developer credentials, including NPM, GitHub, and Git, must be revoked and rotated if any infected extension was present in the environment. Security teams should also monitor for unauthorized Google Calendar events and suspicious organizer accounts, as well as the presence of hidden VNC servers or unexpected proxy services on developer endpoints.
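The audit and network-monitoring steps above can be scripted. The example below is added here and is not Rescana tooling or part of the report; it parses the output of `code --list-extensions --show-versions` (one `publisher.name@version` per line), cross-references it against a list of known-bad extension versions, and flags connection log lines whose destination is one of the C2 addresses named in this report. The extension identifier and versions in MALICIOUS_EXTENSIONS are placeholders, since the report itself lists no extension names; replace them with the published IOC list. The connection log format (key=value fields) is constructed for the example.

```python
"""Cross-reference installed VS Code extensions and connection logs against IOCs (added example)."""
import re
import subprocess

# PLACEHOLDER: the report names no extensions, so fill this from the published IOC list.
MALICIOUS_EXTENSIONS = {
    "example-publisher.example-extension": {"1.2.3", "1.2.4"},
}

# C2 addresses given in the report.
C2_HOSTS = {"217.69.3.218", "140.82.52.31"}

EXT_LINE = re.compile(r"^(?P<id>[A-Za-z0-9][\w-]*\.[\w-]+)@(?P<version>\S+)$")
LOG_FIELD = re.compile(r"(\w+)=(\S+)")


def parse_extension_list(output: str) -> dict:
    """Parse `code --list-extensions --show-versions` output into {extension_id: version}."""
    installed = {}
    for raw in output.splitlines():
        m = EXT_LINE.match(raw.strip())
        if m:
            installed[m.group("id").lower()] = m.group("version")
    return installed


def list_installed_extensions() -> dict:
    """Invoke the VS Code CLI on the local machine (only used when run as a script)."""
    out = subprocess.run(["code", "--list-extensions", "--show-versions"],
                         capture_output=True, text=True, check=True).stdout
    return parse_extension_list(out)


def audit_extensions(installed: dict, iocs: dict = MALICIOUS_EXTENSIONS) -> list:
    """Return (extension_id, version) pairs that match a known-malicious version."""
    hits = []
    for ext_id, version in installed.items():
        bad_versions = iocs.get(ext_id)
        if bad_versions and version in bad_versions:
            hits.append((ext_id, version))
    return hits


def flag_c2_connections(log_lines, c2_hosts=C2_HOSTS) -> list:
    """Return (src, dst, uri) for each key=value log line whose dst is a known C2 host."""
    hits = []
    for line in log_lines:
        fields = dict(LOG_FIELD.findall(line))
        if fields.get("dst") in c2_hosts:
            hits.append((fields.get("src"), fields["dst"], fields.get("uri", "-")))
    return hits


# Constructed sample CLI output and connection log for demonstration.
SAMPLE_LIST = """\
ms-python.python@2024.22.0
Example-Publisher.example-extension@1.2.3
dbaeumer.vscode-eslint@3.0.10
"""

SAMPLE_LOG = [
    "ts=2025-10-19T09:12:01Z src=10.0.0.21 dst=140.82.52.31 dport=80 uri=/wall",
    "ts=2025-10-19T09:12:05Z src=10.0.0.21 dst=192.0.2.10 dport=443 uri=/",
    "ts=2025-10-19T09:13:10Z src=10.0.0.34 dst=217.69.3.218 dport=443",
]

if __name__ == "__main__":
    for ext_id, version in audit_extensions(list_installed_extensions()):
        print(f"MALICIOUS extension installed: {ext_id}@{version}")
    for src, dst, uri in flag_c2_connections(SAMPLE_LOG):
        print(f"C2 contact: {src} -> {dst} {uri}")
```

Any match from audit_extensions should trigger the credential revocation described above for that workstation, and the hosts returned by flag_c2_connections should be treated as compromised regardless of which extension is found, since the worm's later stages (VNC, SOCKS proxy) do not depend on the extension remaining installed.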

To prevent future incidents, organizations are advised to centralize extension allowlisting, restrict installation to trusted and reviewed sources, and implement robust supply chain security controls. User education regarding the risks of third-party extensions and the importance of credential hygiene is also critical.

About Rescana

Rescana is a leader in third-party risk management (TPRM), providing organizations with advanced tools to continuously monitor, assess, and mitigate cyber risks across their digital supply chains. Our platform empowers security teams to gain deep visibility into vendor ecosystems, automate risk assessments, and respond rapidly to emerging threats. For more information about how Rescana can help secure your organization’s supply chain, we are happy to answer questions at ops@rescana.com.
