LmCast :: Stay tuned in

GlassWorm Returns, Slices Back into VS Code Extensions

Recorded: Nov. 10, 2025, 11:01 p.m.

Original

GlassWorm, a self-propagating VS Code malware first found in the Open VSX marketplace, continues to infect developer devices around the world.

Alexander Culafi, Senior News Writer, Dark Reading
November 10, 2025

GlassWorm, a self-propagating malware targeting Visual Studio Code (VS Code) extensions on the Open VSX marketplace, has apparently continued its attacks despite statements that the threat had been contained. Researchers at Koi Security reported their discovery of GlassWorm last month, highlighting the worm's sophistication as well as its compromise of approximately 35,800 developer machines.

The malware is similar to Shai-hulud, an NPM package worm discovered earlier this year that established itself as a particularly worrisome supply chain threat. That malware, first reported in September, spread to hundreds of open source software packages, stealing credentials without much attacker input to speak of.

Even compared to Shai-hulud, GlassWorm appears to be a unique threat. It spread through the Open VSX Registry, an open source marketplace for VS Code extensions run by the Eclipse Foundation. The malware utilized printable Unicode characters that don't render in a code editor, making them effectively invisible. GlassWorm also uses the Solana blockchain for command and control (C2), and Google Calendar as a backup command server. In this way, it's like a greatest hits of emerging threat actor tactics seen in the past 12 months or so.

Where GlassWorm comparisons to Shai-hulud are further relevant is in the former's harvesting of credentials (NPM, GitHub, and Git), as well as cryptocurrency wallets. It also turns dev machines into C2 infrastructure and installs virtual servers for complete remote access. The stolen credentials are then used for further attacks and propagation.

On Nov. 6, Koi Security researchers published new research stating that GlassWorm attacks are ongoing, despite the Eclipse Foundation saying in a blog post last month that "the Open VSX team considers this incident fully contained and closed."

GlassWorm Compromises Apparently Continue

Koi Security researchers detected "a new wave of GlassWorm infections" as well as three more compromised extensions, a new Solana blockchain transaction establishing C2 endpoints, and the same GlassWorm attacker infrastructure. More concerning, Koi Security accessed the attacker server and found "a partial list of victims from around the world — the US, South America, Europe, Asia — including a major government entity from the Middle East."

"This isn't just about compromised extensions anymore. This is about real victims, critical infrastructure at risk, and a worm that's doing exactly what we warned it would do: spreading through the developer ecosystem," the researchers said in the report. "And it's not just Open VSX. Developers have reported that GlassWorm has jumped to GitHub repositories, using AI-generated commits to hide its invisible payloads in what looks like legitimate code changes."

On Nov. 6, Koi Security found three more extensions named "ai-driven-dev.ai-driven-dev," "adhamu.history-in-sublime-merge," and "yasuyuky.transient-emacs" infected with GlassWorm, as well as approximately 10,000 additional infections. Moreover, the aforementioned attacker infrastructure seems mostly unchanged. "The infrastructure we documented a month ago is still operational. Still serving payloads. Still collecting stolen credentials," the researchers said.

Dark Reading contacted the Eclipse Foundation for additional comment.

Additional GlassWorm Findings and Takeaways

Threats to the open source supply chain remain rampant, whether you're talking about supply chain worms or vibe-coded ransomware. Koi Security researchers said they gained access to attacker infrastructure following a tip from an independent researcher about an exposed endpoint. After this, the team managed to exfiltrate data from attackers and found that GlassWorm's campaign targeted a wide range of organizations all around the world, at the individual developer and organizational level. The attacker, according to the blog post, is Russian speaking.

"We're currently working with law enforcement agencies to notify affected victims and coordinate efforts to take down the attacker's infrastructure. But the reality is sobering: this campaign has been running for over a month, and it continues to spread," the researchers said. "The victims we found represent only a partial snapshot — what we could extract from one exposed endpoint. The real scale of compromise is likely much larger."

GlassWorm’s Persistent Threat in the VS Code Extension Ecosystem

The ongoing threat posed by GlassWorm, a self-propagating malware targeting Visual Studio Code (VS Code) extensions within the Open VSX marketplace, continues to demonstrate the vulnerabilities within the open-source software supply chain. As reported by Dark Reading and Koi Security, the malware, initially discovered last month and first observed in September, has demonstrated a remarkable persistence, continuing to infect developer machines and expand its reach. This situation underscores the critical need for enhanced vigilance and proactive security measures within the rapidly evolving landscape of open-source development.

The core of the threat lies in GlassWorm's ability to infiltrate VS Code extensions, which developers commonly install to obtain readily available tooling. This particular malware leverages the Open VSX Registry, a marketplace run by the Eclipse Foundation, to spread, exploiting the trust placed in that ecosystem. Koi Security's investigation, following a tip from an independent researcher, revealed a sophisticated campaign that has been operational for over a month, with no indication of containment.

Key characteristics of the GlassWorm threat, as identified by Koi Security, include its use of printable Unicode characters that do not render in code editors, making the injected payload effectively invisible, and its use of the Solana blockchain for command and control (C2), with Google Calendar as a backup command channel. This multi-layered approach mirrors tactics observed in contemporary cybercrime and espionage, demonstrating a level of sophistication consistent with established threat actor methodologies.
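As an added example (not code from the article or from Koi Security), the scanner below applies the detection idea implied by the invisible-Unicode technique described above: it reports every source line of an extension that carries zero-width, bidi-control or variation-selector code points, and treats a long uninterrupted run as a likely encoded payload while an isolated occurrence (an emoji ZWJ sequence, say) is only flagged for review. The run threshold and the sample JavaScript are constructed assumptions.

```python
import unicodedata

# Code points that draw nothing in a typical editor: the Unicode "Cf" (format)
# category plus the variation selector blocks. Constructed for this example; it is
# not a list taken from the Koi Security report.
VARIATION_SELECTOR_RANGES = ((0xFE00, 0xFE0F), (0xE0100, 0xE01EF))

def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    if any(lo <= cp <= hi for lo, hi in VARIATION_SELECTOR_RANGES):
        return True
    return unicodedata.category(ch) == "Cf"  # ZWSP, ZWJ, BOM, bidi controls, tag chars

def scan_text(text: str, run_threshold: int = 8) -> list[dict]:
    """Report each source line carrying invisible code points; a long uninterrupted
    run is the signature of an encoded payload, an isolated one only needs review."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line_no == 1 and line.startswith("\ufeff"):
            line = line[1:]  # leading BOM is an encoding artifact, not hidden data
        total = longest = current = 0
        first_col = None
        for col, ch in enumerate(line):
            if is_invisible(ch):
                total, current = total + 1, current + 1
                longest = max(longest, current)
                first_col = col if first_col is None else first_col
            else:
                current = 0
        if total:
            findings.append({
                "line": line_no, "col": first_col, "count": total,
                "longest_run": longest,
                "verdict": "hidden-payload" if longest >= run_threshold else "review",
            })
    return findings

# Constructed sample of an extension's JavaScript: a benign emoji ZWJ sequence on
# line 3 and 24 variation selectors hidden after a string literal on line 4.
HIDDEN = "".join(chr(0xFE00 + (i % 16)) for i in range(24))
SAMPLE_EXTENSION_JS = (
    "const vscode = require('vscode');\n"
    "function activate(ctx) {\n"
    "  const family = '\U0001F468\u200d\U0001F469';\n"
    "  const cfg = 'ok'" + HIDDEN + ";\n"
    "  return cfg;\n"
    "}\n"
)
```

Calling `scan_text(SAMPLE_EXTENSION_JS)` returns a "review" finding for line 3 and a "hidden-payload" finding for line 4; pointing the same function at each file of an installed extension gives a quick triage of where to look.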

The malware's behavior echoes previous concerns regarding Shai-hulud, a prominent NPM package worm discovered earlier this year. Like Shai-hulud, GlassWorm harvests credentials (including those for NPM, GitHub, and Git) and establishes C2 infrastructure, turning infected developer machines into attack assets. Furthermore, it installs virtual servers for complete remote access, enabling reconnaissance and lateral movement within compromised environments. The stolen credentials are then used for further attacks and propagation, amplifying the potential damage.

Recent Dark Reading reporting details a "new wave" of GlassWorm infections, alongside three newly identified infected extensions ("ai-driven-dev.ai-driven-dev," "adhamu.history-in-sublime-merge," and "yasuyuky.transient-emacs") and approximately 10,000 additional infections. Critically, the attacker infrastructure remains operational, and the exfiltration of data continues, as documented by Koi Security. The investigation revealed that the victim landscape is diverse, spanning the US, South America, Europe, and Asia, and including a significant government entity from the Middle East. The attacker is believed to be Russian-speaking.

The initial discovery of the GlassWorm threat was facilitated by an independent researcher who identified an exposed endpoint, which led to Koi Security gaining access to the attacker’s infrastructure and ultimately exfiltrating data. The scope of the compromise is likely much larger than what has been initially documented, reflecting the inherent challenges in tracking sophisticated, self-propagating malware.

The continued persistence of GlassWorm highlights the vulnerability of the open-source software supply chain. This situation necessitates heightened awareness among developers, security teams, and the Eclipse Foundation. Moving forward, collaborative efforts will be crucial – including enhanced monitoring within the Open VSX registry, increased scrutiny of extensions, and a concerted focus on educating developers about the risks associated with third-party code. The situation underscores not only the danger of supply chain attacks but also the need for a more resilient and secure approach to open-source development practices.