Glassworm is a malicious VS Code extension campaign now in its third wave, using invisible Unicode characters and Rust-based implants to compromise developers across Microsoft’s Visual Studio Marketplace and the OpenVSX registry, mapped to MITRE ATT&CK techniques T1195 (Supply Chain Compromise), T1105 (Ingress Tool Transfer), and T1552 (Unsecured Credentials). Initially identified in October, Glassworm hides attacker logic inside extensions that impersonate popular tools and frameworks, including packages named to mimic Flutter, Vim, Tailwind, YAML, React Native, Svelte, and Vue ecosystems.

After initial cleanup and token rotation by OpenVSX, Glassworm re-emerged with at least 24 new packages published under fresh accounts across both marketplaces. The operators follow a familiar strategy: submit a benign-looking extension, gain approval, inflate download counts to appear legitimate and rank highly in search results, then push an update that introduces the malicious payload.

Once installed, the Glassworm extensions attempt to steal credentials and session data for GitHub, npm, OpenVSX, and cryptocurrency wallets from 49 other extensions, and deploy SOCKS proxies and HVNC clients to provide stealthy remote access through victims’ developer machines. Newer variants incorporate Rust-based implants, improving portability and evasion while still using text obfuscation tricks like invisible Unicode to hinder manual review.

For organizations, compromised developer environments can cascade into repository compromise, package publication hijacking, and broader open source supply chain attacks. Stolen tokens can be used to publish trojanized releases to popular libraries or modify private code, while SOCKS-based pivots from dev machines create pathways into internal networks that often lack the same monitoring as production infrastructure.
Mitigation requires tightening extension hygiene and supply chain defenses: developers should remove suspicious packages listed in recent Glassworm reporting, favor official publishers for critical tooling, and avoid installing lookalike extensions that appear alongside well-known packages. Enterprises should enforce VS Code extension allowlists, monitor for anomalous connections originating from IDEs or developer hosts, and require strong authentication and scoped tokens for Git, npm, and registry accounts so stolen credentials yield limited access.
🎯CORTEX Protocol Intelligence Assessment
Business Impact: Glassworm’s continued evolution across VS Code-compatible marketplaces exposes development organizations to credential theft, repository compromise, and downstream supply chain attacks that can impact customers and partners. A single compromised developer workstation can be leveraged to backdoor widely used libraries, leading to reputational damage, incident response costs, and potential liability if trojanized packages impact regulated industries.

Technical Context: The campaign leverages T1195 supply chain compromise by abusing trust in marketplace-approved extensions, then uses T1105 to deliver Rust-based implants, SOCKS proxies, and HVNC components that extend command-and-control. Credential theft targeting GitHub, npm, and registry accounts (T1552) enables attackers to propagate malicious code into the broader ecosystem, underscoring the need for tight extension governance and secure credential management for developers.
⚡Strategic Intelligence Guidance
- Enforce VS Code and OpenVSX extension allowlists that limit installations to vetted publishers and known-good packages, and regularly audit installed extensions across developer endpoints.
- Revoke and rotate access tokens for GitHub, npm, and other developer services when Glassworm-related extensions are discovered, and monitor for unauthorized repository or package modifications.
- Instrument network monitoring to detect unusual traffic patterns originating from IDE processes or developer hosts, including unexpected SOCKS proxy connections or outbound C2 domains.
- Integrate extension and tool security into secure SDLC training, educating developers on risks of impersonator extensions, inflated download counts, and invisible Unicode obfuscation in code.
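A check that combines the first and last of these points, added here as an example and not code from the Glassworm reporting or from either marketplace: it walks an unpacked extension folder, compares the manifest's publisher against a (hypothetical) allowlist, and reports every invisible Unicode code point in the extension's JavaScript with line and column. The code-point set is an assumption about what a reviewer should flag, not the campaign's exact encoding; the extension name, publisher and allowlist in `demo()` are constructed.

```python
# Added example: audit unpacked VS Code extensions for invisible Unicode and
# unapproved publishers. The code-point set is an assumption, not Glassworm's exact encoding.
import json
import tempfile
import unicodedata
from pathlib import Path

# Filler / zero-width code points outside Unicode category Cf that still render as nothing.
EXTRA_INVISIBLE = {0x3164, 0xFFA0, 0x115F, 0x1160, 0x00AD, 0x180E}

def is_invisible(ch: str) -> bool:
    """True for Cf format chars (ZWSP, ZWJ, BOM, tag chars), variation selectors and fillers."""
    cp = ord(ch)
    return (unicodedata.category(ch) == "Cf"
            or 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF
            or cp in EXTRA_INVISIBLE)

def scan_text(text: str) -> list[tuple[int, int, str]]:
    """Return (line, column, U+XXXX) for each invisible character in text."""
    return [(ln, col, f"U+{ord(ch):04X}")
            for ln, line in enumerate(text.splitlines(), start=1)
            for col, ch in enumerate(line, start=1) if is_invisible(ch)]

def audit_extension(ext_dir: Path, allowed_publishers: set[str]) -> dict:
    """Check one unpacked extension: allowlisted publisher? hidden characters in its JS?"""
    manifest = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
    publisher = manifest.get("publisher", "")
    findings = {}
    for js in sorted(ext_dir.rglob("*.js")):
        hits = scan_text(js.read_text(encoding="utf-8", errors="replace"))
        if hits:
            findings[js.relative_to(ext_dir).as_posix()] = hits
    return {"id": f"{publisher}.{manifest.get('name', '')}",
            "publisher_allowed": publisher in allowed_publishers,
            "invisible_chars": findings}

def demo() -> dict:
    """Audit a constructed lookalike extension (hypothetical names) built in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        ext = Path(tmp) / "lookalike-pub.yaml-helper-1.0.0"
        ext.mkdir()
        (ext / "package.json").write_text(
            json.dumps({"name": "yaml-helper", "publisher": "lookalike-pub"}), encoding="utf-8")
        # Line 1 is ordinary code; line 2 is a 'blank' line made only of zero-width characters.
        (ext / "extension.js").write_text(
            "exports.activate = () => {};\n\u200b\u200d\u200b\n", encoding="utf-8")
        return audit_extension(ext, {"redhat", "ms-python"})  # allowlist is hypothetical
```

Pointing `audit_extension` at each folder under the editor's extensions directory turns this into a periodic endpoint audit; any non-empty `invisible_chars` result warrants a manual look at the flagged lines before the extension is trusted.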
Vendors
Microsoft, OpenVSX, Secure Annex
Threats
Glassworm, malicious VS Code extensions
Targets
VS Code developers, OpenVSX users, software supply chain