Glassworm Strikes Again: Third Wave of Malicious VS Code Extensions Bypasses Moderation
The Glassworm campaign targeting popular Visual Studio Code extensions has entered yet another phase — researchers are now documenting a third wave of malicious uploads to the OpenVSX repository and the Microsoft Visual Studio Marketplace. Despite recent clean-ups on both platforms, the attackers once again succeeded in publishing new extensions and slipping them past moderation.
Glassworm was first detailed by Koi Security in October 2025. The malicious code is embedded within extensions for VS Code–compatible editors and concealed using invisible Unicode characters, making the harmful fragments far more difficult to detect during inspection. According to BleepingComputer, the current wave comprises 24 new packages distributed across both extension marketplaces.
Once a compromised extension is installed, Glassworm attempts to exfiltrate GitHub, npm, and OpenVSX credentials, along with cryptocurrency-wallet data linked to dozens of extensions. The malware further deploys a SOCKS proxy to route operator traffic through the victim’s device and installs an HVNC component that provides covert remote access to the system.
The initial wave of infected extensions was removed, and OpenVSX announced full containment of the incident and the rotation of compromised access tokens. Yet the Glassworm operators quickly resurfaced, creating new publisher accounts and fresh packages that appear indistinguishable from legitimate extensions.
The third wave was described by the Secure Annex team. According to their findings, the names of the malicious extensions imitate well-known tools and frameworks — including Flutter, Vim, Tailwind, Svelte, React Native, Vue, YAML utilities, and icon packs. In both the Microsoft Visual Studio Marketplace and OpenVSX, these impostor packages often differ from the originals by a single character and are displayed alongside authentic projects.
The Glassworm operators first secure approval for clean versions of their extensions, only to push an update later that contains the malicious payload. Download numbers are artificially inflated to boost search rankings and create the illusion of popularity and trustworthiness.
Secure Annex notes that, on a technical level, Glassworm has continued to evolve: Rust-based implants are now embedded within extensions, and the technique of using invisible Unicode characters remains a key mechanism for obscuring critical sections of the code. BleepingComputer has sent inquiries to both OpenVSX and Microsoft requesting clarification on how these malicious packages continue to bypass marketplace safeguards and is awaiting the companies’ official responses.
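Because the concealment relies on characters that render as nothing, an extension's source files can be checked mechanically for them before installation or approval. The scanner below is an added example, not code from Koi Security, Secure Annex, or either marketplace; the function names, the run-length threshold of 8, and the sample strings are assumptions constructed for illustration. It reports long runs rather than single characters, since a lone variation selector after an emoji or a byte-order mark at the start of a file is normal.

```python
import sys
import unicodedata

# Ranges that render as nothing but are not all in general category Cf.
INVISIBLE_RANGES = (
    (0xFE00, 0xFE0F),    # variation selectors
    (0xE0100, 0xE01EF),  # variation selectors supplement
    (0xE0000, 0xE007F),  # tag characters
    (0x115F, 0x1160),    # Hangul jamo fillers
    (0x3164, 0x3164),    # Hangul filler
)

def is_invisible(ch):
    """True for format characters (Cf) and the zero-width ranges above."""
    if unicodedata.category(ch) == "Cf":
        return True
    return any(lo <= ord(ch) <= hi for lo, hi in INVISIBLE_RANGES)

def find_invisible_runs(text):
    """Return one dict per run of consecutive invisible characters."""
    runs, current = [], None
    line, col = 1, 0
    for i, ch in enumerate(text):
        col += 1
        # A byte-order mark at offset 0 is benign and is not reported.
        hidden = is_invisible(ch) and not (i == 0 and ch == "\ufeff")
        if hidden:
            if current is None:
                current = {"line": line, "col": col, "codepoints": []}
            current["codepoints"].append(f"U+{ord(ch):04X}")
        elif current is not None:
            runs.append(current)
            current = None
        if ch == "\n":
            line, col = line + 1, 0
    if current is not None:
        runs.append(current)
    return runs

def suspicious_runs(text, min_run=8):
    """Keep only runs long enough to carry hidden content (threshold is an assumption)."""
    return [r for r in find_invisible_runs(text) if len(r["codepoints"]) >= min_run]

# Constructed samples: a normal file with BOM and emoji, and one with a hidden run.
SAMPLE_BENIGN = "\ufeffconst label = 'ok \u2764\ufe0f';\n"
SAMPLE_HIDDEN = "const a = 1;\nrun('" + "\U000E0100" * 12 + "');\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. the .js files of an unpacked .vsix
        with open(path, encoding="utf-8", errors="replace") as fh:
            for r in suspicious_runs(fh.read()):
                print(f"{path}:{r['line']}:{r['col']} {len(r['codepoints'])} invisible chars")
```

A hit is a reason to inspect the file in a hex viewer, not a verdict on its own; run it against each new version of an extension, since the payload arrives in a later update.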