Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a “significant escalation” in how it propagates through the Open VSX registry.
“Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive delivery vehicles in later updates, allowing a benign-appearing package to begin pulling a separate GlassWorm-linked extension only after trust has already been established,” Socket said in a report published Friday.
The software supply chain security company said it discovered at least 72 additional malicious Open VSX extensions since January 31, 2026, targeting developers. These extensions mimic widely used developer utilities, including linters and formatters, code runners, and tools for artificial intelligence (AI)-powered coding assistants like Clade Code and Google Antigravity.
The names of some of the extensions are listed below. Open VSX has since taken steps to remove them from the registry –
- angular-studio.ng-angular-extension
- crotoapp.vscode-xml-extension
- gvotcha.claude-code-extension
- mswincx.antigravity-cockpit
- tamokill12.foundry-pdf-extension
- turbobase.sql-turbo-tool
- vce-brendan-studio-eich.js-debuger-vscode
GlassWorm is the name given to an ongoing malware campaign that has repeatedly infiltrated Microsoft Visual Studio Marketplace and Open VSX with malicious extensions designed to steal secrets and drain cryptocurrency wallets, and abuse infected systems as proxies for other criminal activities.
Although the activity was first flagged by Koi Security in October 2025, npm packages using the same tactics – particularly the use of invisible Unicode characters to hide malicious code – were identified as far back as March 2025.
The latest iteration retains many of the hallmarks associated with GlassWorm: running checks to avoid infecting systems with a Russian locale and using Solana transactions as a dead drop resolver to fetch the command-and-control (C2) server for improved resilience.
But the new set of extensions also features heavier obfuscation and rotates Solana wallets to evade detection, as well as abuses extension relationships to deploy the malicious payloads, similar to how npm packages rely on rogue dependencies to fly under the radar. Regardless of whether an extension is declared as “extensionPack” or “extensionDependencies” in the extension’s “package.json” file, the editor proceeds to install every other extension listed in it.
In doing so, the GlassWorm campaign uses one extension as an installer for another extension that’s malicious. This also opens up new supply chain attack scenarios as an attacker first uploads a completely harmless VS Code extension to the marketplace to bypass review, after which it’s updated to list a GlassWorm-linked package as a dependency.
“As a result, an extension that looked…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
