LmCast :: Stay tuned in

Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain

Recorded: May 11, 2026, 1:16 p.m.

Original

Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating malware.

By Elizabeth Montalbano, Contributing Writer, Dark Reading. April 28, 2026. Updated at 12:25 p.m. on April 28 to reflect comments from Socket.

The ongoing GlassWorm campaign has deployed a fresh wave of malicious Visual Studio (VS) Code extensions, many of which seem initially benign but later deploy self-replicating malware that can poison the software supply chain.

Researchers from Socket discovered a new cluster of 73 so-called "sleeper" extensions beginning in April, related to the activity by the self-propagating malware reported last month on the Open VSX marketplace. The latest wave demonstrates that the campaign continues to scale and evolve, according to a recent report published by the Socket Research Team.

A sleeper extension or package is a threat-actor-controlled imposter that is published before it is weaponized, to build trust and generate downloads, and is later updated to deliver malware. Earlier GlassWorm campaigns seeded sleeper extensions that remained dormant or fetched payloads later from external sources. The latest wave of malicious extensions, however, includes a capability to automatically fetch and execute malicious payloads at a later date, which the report describes as a new evasion and propagation tactic.

"Some variants rely on external payload retrieval, others rely on bundled native binaries, including reused installer components seen in prior GlassWorm activity," according to the research team. The common pattern throughout GlassWorm's latest activity, however, "is that the extension itself acts as a thin loader," according to the report.

"This is a tactical shift toward survivability and evasion: the malware is less tied to a single obvious malicious file in the extension source and more spread across updates, external payload hosting, obfuscation, native binaries, and cross-editor installation behavior," Philipp Burckhardt, head of threat intelligence at Socket, tells Dark Reading.

Supply Chain Threat Persists

GlassWorm is a family of self-propagating malware first documented by researchers at Koi Security in October 2025 as it spread across Open VSX, an open source alternative to Microsoft's Visual Studio Marketplace. Its name comes from a coding technique found in its original incarnation: the stealthy malware used Unicode characters that a code editor does not render, making the malicious code effectively invisible to anyone reading the source.

GlassWorm's goal is to infect software developers with infostealers to obtain a target organization's secrets and credentials, which an attacker can then weaponize to publish poisoned versions of projects maintained by that victim. This creates a downstream effect on the supply chain and allows the malware to self-replicate: when a victim downloads that poisoned package, they inadvertently facilitate its propagation.

"The risk is full compromise of a developer workstation," Burckhardt says. "These extensions run inside developer environments that often have access to source code, credentials, API keys, SSH keys, cloud tokens, package publishing credentials, and internal systems."

At least six of the extensions already have been activated with malware, while the others are sleepers or appear potentially suspicious, according to the report. The number of GlassWorm extensions also remains in flux, because it's unclear how many may activate to become malicious. However, they follow a pattern consistent with other GlassWorm infections in that they "are first published without an obvious payload, then later updated to deliver malware through the normal extension update path," the team wrote.

The extensions also demonstrate an "impersonation pattern," mimicking legitimate extensions on Open VSX to trick developers into installing malicious ones. Attackers are cloning legitimate listings almost exactly, replicating names, icons, descriptions, and even README content, while changing only subtle details such as the publisher name and unique identifier.

In one example, a fake Turkish language package closely mimics the official version, making the differences easy to miss during routine browsing, according to the Socket team. "The difference is subtle enough that a developer browsing quickly could miss it," according to the report. "This is the core social engineering pattern behind the latest GlassWorm cluster: cloned listings create enough visual trust to attract installs before any malware is introduced."

Increased Evasion Demands a Response

The latest dump of GlassWorm extensions doesn't show technical innovation, Idan Dardikman, chief technology officer (CTO) and co-founder at Koi Security, tells Dark Reading. However, it does show a maturing threat actor "running the same playbook at larger scale and with all tools deployed at once," he says, which means the GlassWorm threat continues to persist.

As campaigns like this expand, it becomes harder than ever for developers to differentiate legitimate packages and extensions from malicious ones, perpetuating the existing risk to the software supply chain. Socket therefore urges caution on organizations whose developers use public sites that share code for software projects.

Specifically, before downloading any code that will be deployed in a production environment, developers should examine factors such as download counts and try to verify that the package or extension comes from a legitimate user, reviewing extension publisher identity, age, download patterns, and naming similarity before approving use, Burckhardt says. They can also audit installed extensions for recent updates, especially newly published or low-reputation Open VSX extensions, to protect their environments from bad code.

"The important thing to remember when it comes to extension security is that a clean initial version is no longer enough to establish trust," Burckhardt says. "Organizations need continuous monitoring of extension updates and transitive installation behavior, because these campaigns are increasingly designed to become malicious only after publication."

To help developers recognize malicious extensions related to GlassWorm, the Socket team included a list of indicators of compromise (IoCs) in its report covering the confirmed malware-activated extensions as well as the sleeper extensions. The researchers also included IoCs for native installer binaries and various payloads, including a downloaded VSX payload and links to GitHub payload-hosting sites.

About the author: Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. She previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City, and currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Summarized

The ongoing GlassWorm campaign, as tracked by the Socket Research Team, shows an escalating and evolving approach to supply chain attacks. Elizabeth Montalbano details a fresh wave of Visual Studio Code (VS Code) extensions on Open VSX, many of which initially appear benign but are later updated to deploy self-replicating malware. This cluster of 73 "sleeper" extensions, identified beginning in April 2026, marks a step beyond previous GlassWorm iterations: rather than merely lying dormant or fetching a payload from an external source, the new extensions can automatically fetch and execute a payload at a later date, which Socket describes as a new evasion and propagation tactic.

The researchers identified a shift in technique: the extension now acts primarily as a thin loader, with the malware spread across updates, external payload hosting, obfuscation, bundled native binaries (including installer components reused from earlier GlassWorm activity), and cross-editor installation behavior, a deliberate effort to avoid depending on any single, easily identified malicious file. Philipp Burckhardt, head of threat intelligence at Socket, characterized this as a tactical move toward survivability and evasion. The approach underscores the persistent risk GlassWorm poses to developers who install extensions from public registries such as Open VSX.

GlassWorm's objective remains to compromise developer workstations with infostealers and harvest the secrets they hold, such as source code, credentials, API keys, SSH keys, cloud tokens, and package publishing credentials. Stolen publishing credentials let the attacker push poisoned versions of projects the victim maintains, so the malware propagates downstream each time someone installs one of those poisoned packages. The campaign's initial foothold relies on the deceptive imitation of legitimate extensions: listings are cloned almost identically, mirroring names, icons, descriptions, and README content, while only the publisher name and unique identifier are subtly changed. One example, a Turkish language package that closely mimics the official version, shows how easily the difference can be missed during routine browsing. At least six of the extensions have already been activated with malware; the rest are sleepers or otherwise suspicious, and how many more will activate is unknown.

Idan Dardikman, CTO and co-founder of Koi Security (which first documented GlassWorm on Open VSX in October 2025), notes that the latest dump shows no technical innovation; its significance lies in a maturing actor running the same playbook at larger scale with all of its tools deployed at once. The growing difficulty of telling legitimate extensions from malicious ones perpetuates the risk to the software supply chain. Socket urges caution, particularly where developers pull from public code sites: before approving an extension, verify publisher identity, age, download counts and patterns, and naming similarity to established listings, and audit already-installed extensions for recent updates, especially newly published or low-reputation Open VSX extensions. Because a clean initial version no longer establishes trust, Burckhardt emphasizes continuous monitoring of extension updates and of transitive installation behavior.
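The verification and monitoring steps above, together with the invisible-Unicode technique the article attributes to the original GlassWorm, can be turned into a local audit of installed extensions. The following is an added example written for this page; it is not Socket's or Koi Security's tooling and not code from the campaign. Everything in it is constructed: the extension records use a simplified shape (id, version, installedAt, lastUpdatedAt) that does not follow any editor's or registry's real inventory format, the identifiers and the approved-publisher catalog are invented placeholders, and the set of "invisible" code points is this author's choice of zero-width, bidi-control, variation-selector and tag ranges rather than an IoC list from the report. It goes slightly beyond the text by treating "naming similarity" as an edit-distance check, which also catches near-miss names, not only exact clones with a swapped publisher.

```javascript
// Added example for this page, not code from Socket, Koi Security, or the
// GlassWorm extensions. Audits a list of installed editor extensions for the
// signals the article describes: cloned listings (same name, different
// publisher), near-miss names, updates pushed after install, and source files
// containing Unicode that a code editor does not render.

// Assumption: these ranges are what "does not render" means for this scan.
// Zero-width characters, bidi controls, variation selectors and tag characters.
const INVISIBLE_RANGES = [
  [0x200b, 0x200f],   // zero-width space, ZWNJ, ZWJ, LRM, RLM
  [0x202a, 0x202e],   // bidi embedding and override controls
  [0x2060, 0x2064],   // word joiner and invisible operators
  [0xfe00, 0xfe0f],   // variation selectors
  [0xfeff, 0xfeff],   // zero-width no-break space (BOM)
  [0xe0000, 0xe007f], // tag characters
  [0xe0100, 0xe01ef], // variation selectors supplement
];

function isInvisible(cp) {
  return INVISIBLE_RANGES.some(([lo, hi]) => cp >= lo && cp <= hi);
}

// Walks the source by code point (not UTF-16 unit) and returns every hit
// with a 1-based line and 0-based column so a reviewer can jump to it.
function findInvisibleCodePoints(source) {
  const hits = [];
  let line = 1;
  let col = 0;
  for (const ch of source) {
    const cp = ch.codePointAt(0);
    if (cp === 0x0a) { line += 1; col = 0; continue; }
    if (isInvisible(cp)) {
      hits.push({ line, col, codePoint: 'U+' + cp.toString(16).toUpperCase().padStart(4, '0') });
    }
    col += 1;
  }
  return hits;
}

// Levenshtein distance; a small distance between an installed name and an
// approved one is the typosquat signal.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Extension ids are "publisher.name" on both Open VSX and the VS Marketplace.
function splitId(id) {
  const dot = id.indexOf('.');
  return { publisher: id.slice(0, dot).toLowerCase(), name: id.slice(dot + 1).toLowerCase() };
}

// approved: { name: publisher } for extensions the organization has vetted.
// sourceText: contents of the extension's main script, if available.
function auditExtension(ext, approved, sourceText) {
  const { publisher, name } = splitId(ext.id);
  const findings = [];
  if (approved[name] !== undefined && approved[name] !== publisher) {
    const lookalike = editDistance(publisher, approved[name]) <= 2 ? ' (lookalike publisher)' : '';
    findings.push(`cloned listing: "${name}" is approved from "${approved[name]}" but this copy is from "${publisher}"${lookalike}`);
  } else if (approved[name] === undefined) {
    for (const trusted of Object.keys(approved)) {
      const d = editDistance(name, trusted);
      if (d <= 2) findings.push(`possible typosquat: "${name}" is ${d} edit(s) from approved "${trusted}"`);
    }
  }
  if (Date.parse(ext.lastUpdatedAt) > Date.parse(ext.installedAt)) {
    findings.push(`updated after install (${ext.installedAt} -> ${ext.lastUpdatedAt}); re-review version ${ext.version}`);
  }
  const hits = findInvisibleCodePoints(sourceText || '');
  if (hits.length > 0) {
    const h = hits[0];
    findings.push(`${hits.length} invisible code point(s) in source, first at line ${h.line} col ${h.col} (${h.codePoint})`);
  }
  return { id: ext.id, version: ext.version, findings };
}

function auditExtensions(records, approved, sources) {
  return records.map((ext) => auditExtension(ext, approved, sources[ext.id] || ''));
}

// Constructed sample data: placeholder ids, not real extensions or IoCs.
const APPROVED = { 'example-language-pack': 'example-publisher', 'example-linter': 'example-publisher' };
const INSTALLED = [
  { id: 'example-publisher.example-language-pack', version: '1.4.0', installedAt: '2026-01-10', lastUpdatedAt: '2026-01-10' },
  { id: 'examp1e-publisher.example-language-pack', version: '1.4.0', installedAt: '2026-04-02', lastUpdatedAt: '2026-04-20' },
  { id: 'other-dev.exampel-linter', version: '0.1.0', installedAt: '2026-04-15', lastUpdatedAt: '2026-04-15' },
];
const SOURCES = {
  // Two zero-width spaces hidden after the last statement on line 2.
  'examp1e-publisher.example-language-pack': 'const x = 1;\nmodule.exports = x;\u200b\u200b\n',
};

for (const report of auditExtensions(INSTALLED, APPROVED, SOURCES)) {
  console.log(`${report.id}@${report.version}: ${report.findings.length ? report.findings.join('; ') : 'no findings'}`);
}
```

In practice the record list would be built from the editor's installed-extension inventory (VS Code prints it with `code --list-extensions --show-versions`) plus each extension's unpacked files on disk, and the catalog from the organization's approved-extension list. Turning off automatic extension updates (in VS Code, the `extensions.autoUpdate` setting) keeps the update path that sleeper extensions abuse behind a review step, which is the continuous-monitoring point Burckhardt makes. A hit from the invisible-character scan is a reason to read the file, not proof of malware: variation selectors also occur legitimately in emoji-heavy strings.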

The research team published a set of indicators of compromise (IoCs) covering the confirmed malware-activated extensions, the sleeper extensions, the native installer binaries, and the payloads, including a downloaded VSX payload and GitHub payload-hosting links, to help defenders identify and remove malicious extensions. Checked against installed extensions alongside the naming and update signals above, those IoCs give developers a concrete starting point; beyond that, the GlassWorm campaign continues to demonstrate the need for vigilance and layered defenses against supply chain attacks that are designed to turn malicious only after publication.