LmCast :: Stay tuned in

Glassworm malware returns in third wave of malicious VS Code packages

Recorded: Dec. 1, 2025, 11:02 p.m.


By Bill Toulas

December 1, 2025
04:08 PM

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms.
OpenVSX and the Microsoft Visual Studio Marketplace are both extension repositories for VS Code–compatible editors, used by developers to install language support, frameworks, tooling, themes, and other productivity add-ons.
The Microsoft marketplace is the official platform for Visual Studio Code, while OpenVSX is an open, vendor-neutral alternative used by editors that can't or don't use Microsoft's proprietary store.
First documented by Koi Security on October 20, Glassworm is malware that uses "invisible Unicode characters" to hide its code from review.
Once developers install it in their environments, it attempts to steal GitHub, npm, and OpenVSX accounts, as well as cryptocurrency wallet data from 49 extensions.
Moreover, the malware deploys a SOCKS proxy to route malicious traffic through the victim's machine and installs the HVNC client to give operators stealthy remote access.
Although the initial infection was cleaned from the extension repositories, the malware returned to both sites shortly after with new extensions and publisher accounts.
Prior to this, Open VSX had declared the incident fully contained, with the platform rotating compromised access tokens.
The re-emergence of Glassworm was discovered by Secure Annex researcher John Tuckner, who reports that the package names indicate a broad targeting scope covering popular tools and developer frameworks like Flutter, Vim, YAML, Tailwind, Svelte, React Native, and Vue.

[Figure: Legitimate (left) and impersonator (right) packages. Source: Secure Annex]
Secure Annex has now found that the third wave uses the packages listed below.
VS Marketplace
iconkieftwo.icon-theme-materiall
prisma-inc.prisma-studio-assistance
prettier-vsc.vsce-prettier
flutcode.flutter-extension
csvmech.csvrainbow
codevsce.codelddb-vscode
saoudrizvsce.claude-devsce
clangdcode.clangd-vsce
cweijamysq.sync-settings-vscode
bphpburnsus.iconesvscode
klustfix.kluster-code-verify
vims-vsce.vscode-vim
yamlcode.yaml-vscode-extension
solblanco.svetle-vsce
vsceue.volar-vscode
redmat.vscode-quarkus-pro
msjsdreact.react-native-vsce
Open VSX
bphpburn.icons-vscode
tailwind-nuxt.tailwindcss-for-react
flutcode.flutter-extension
yamlcode.yaml-vscode-extension
saoudrizvsce.claude-dev
saoudrizvsce.claude-devsce
vitalik.solidity
Once the packages are accepted on the marketplaces, the publishers push an update that introduces the malicious code, then inflate their download counts to make them appear legitimate and trustworthy.
Also, artificially increasing download counts can manipulate search results, with the malicious extension appearing higher in the results, often very close to the legitimate projects it impersonates.

[Figure: Confusing search results. Source: Secure Annex]
The researcher reports that Glassworm has evolved on the technical side as well, now using Rust-based implants packaged inside the extensions. The invisible Unicode trick is also still used in some cases.

[Figure: Payload. Source: Secure Annex]
BleepingComputer has contacted both OpenVSX and Microsoft regarding Glassworm's continued ability to bypass their defenses, and we will update this post with their responses once received.
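
The "invisible Unicode characters" technique described above can be caught by scanning extension source for runs of code points that render as nothing. The following is an added example, not code from the article, Secure Annex, or Koi Security; the code-point ranges, the minimum run length, and the sample text are assumptions, since the article does not say which characters Glassworm uses.

```javascript
// Added example: flag runs of invisible code points in extension source text.
// The ranges below are an assumption (commonly invisible / default-ignorable
// characters); the article does not name the ones Glassworm relies on.
const INVISIBLE_RANGES = [
  [0x00ad, 0x00ad],   // soft hyphen
  [0x200b, 0x200f],   // zero-width space/joiners, direction marks
  [0x202a, 0x202e],   // bidi embedding/override controls
  [0x2060, 0x2064],   // word joiner, invisible operators
  [0x2066, 0x2069],   // bidi isolates
  [0xfe00, 0xfe0f],   // variation selectors
  [0xfeff, 0xfeff],   // zero-width no-break space (BOM)
  [0xe0000, 0xe007f], // tag characters
  [0xe0100, 0xe01ef], // variation selectors supplement
];

function isInvisible(cp) {
  return INVISIBLE_RANGES.some(([lo, hi]) => cp >= lo && cp <= hi);
}

// Return one finding per run of at least minRun consecutive invisible code points.
// A lone U+FE0F after an emoji or a leading BOM is normal, so short runs are
// ignored by default; long runs inside code are what a reviewer cannot see.
function findInvisibleRuns(text, minRun = 4) {
  const findings = [];
  text.split(/\r?\n/).forEach((lineText, idx) => {
    let run = 0, start = 0, col = 0;
    const flush = () => {
      if (run >= minRun) findings.push({ line: idx + 1, column: start + 1, length: run });
      run = 0;
    };
    for (const ch of lineText) {          // iterates by code point, not UTF-16 unit
      if (isInvisible(ch.codePointAt(0))) {
        if (run === 0) start = col;
        run++;
      } else {
        flush();
      }
      col++;
    }
    flush();
  });
  return findings;
}

// Constructed sample: a benign-looking line carrying 12 hidden code points.
const hidden = String.fromCodePoint(...Array.from({ length: 12 }, (_, i) => 0xe0100 + i));
const SAMPLE = `const a = 1; // ok \u2764\ufe0f\nconst cfg = "${hidden}";\nmodule.exports = a;`;

console.log(JSON.stringify(findInvisibleRuns(SAMPLE)));
```

Columns and lengths are counted in code points, so a finding points at the position a hex dump or `codePointAt` inspection should start from, not at a visible character.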


The Glassworm malware campaign, now in its third wave, continues to target Visual Studio Code (VS Code) developers through malicious packages distributed across both the OpenVSX and Microsoft Visual Studio Marketplace repositories. This ongoing activity underscores the persistent threat of supply chain attacks, particularly those exploiting the trust placed in widely used developer tools. As detailed by Bill Toulas of BleepingComputer, the initial emergence of Glassworm in October 2025, involving the use of “invisible Unicode characters” to conceal its code, has been followed by a cyclical return of the malware, demonstrating a sophisticated persistence strategy.

The third wave, identified by Secure Annex researcher John Tuckner, leverages 24 new packages across both platforms, each designed to mimic legitimate, popular developer tools and frameworks—including Flutter, Vim, YAML, Tailwind, Svelte, React Native, and Vue. This impersonation tactic is a key element of the attack, increasing the chances of developers unwittingly installing the malicious code. The packages utilized include names such as ‘iconkieftwo.icon-theme-materiall’, ‘prisma-inc.prisma-studio-assistance’, and ‘prettier-vsc.vsce-prettier,’ making them appear as legitimate extensions.

Following acceptance onto the marketplaces, malicious publishers then deploy updates containing the core Glassworm payload. Critically, they inflate download counts, manipulating search results to elevate the apparent legitimacy of the extensions. This manipulation aims to mask the malicious nature of the code, increasing the likelihood that developers will install it simply because it appears to be a popular and widely used tool. The malware employs both the original Unicode obfuscation technique and now incorporates Rust-based implants within the extensions, demonstrating an evolution of the attack’s sophistication.

Secure Annex's investigation found that the attack’s supply chain nature is being exploited, utilizing well-established VS Code extension repositories as entry points. Key elements of the attack include the use of SOCKS proxies to redirect malicious traffic, alongside the installation of the HVNC client for stealthy remote access capabilities. The continuous rotation of access tokens by OpenVSX further complicates detection and response efforts.

The continued success of Glassworm highlights vulnerabilities within the software supply chain and the potential for adversaries to exploit trust in popular development tools. BleepingComputer is currently awaiting responses from both OpenVSX and Microsoft regarding the continued ability of Glassworm to bypass their existing defenses. This ongoing situation necessitates heightened vigilance within the developer community and underscores the importance of robust security practices, including thorough code review, verification of extension sources, and the use of security scanners.