
GlassWorm Resurfaces Through Malicious VS Code Extensions on Open VSX

November 13th, 2025

Critical

Our Cyber Threat Intelligence Unit is tracking a renewed GlassWorm malware campaign targeting the Visual Studio Code (VS Code) ecosystem through trojanized extensions published to Open VSX and Microsoft’s VS Code Marketplace. On November 10, 2025, researchers identified three active Open VSX extensions: ai-driven-dev.ai-driven-dev (3,402 downloads), adhamu.history-in-sublime-merge (4,057), and yasuyuky.transient-emacs (2,431). These extensions harvest developer credentials, drain cryptocurrency wallets, and spread by compromising additional accounts and projects. Open VSX has since removed the listings and rotated affected tokens, yet operators have republished new payloads using Solana blockchain transactions to update command-and-control (C2) endpoints. This blockchain-based method ensures campaign persistence and complicates takedown efforts.

Technical Details

  • Attack Type: Software supply chain compromise via trojanized VS Code extensions.

  • Severity: Critical.

  • Delivery Vector: Malicious Open VSX extensions disguised as legitimate developer tools.

  • Evasion:

    • Obfuscated JavaScript embedded with invisible Unicode characters, bypassing manual review and static checks.

    • Malicious logic is concealed in legitimate scripts to evade casual inspection.

  • Behavioral Summary:

    • Credential Theft: Extracts tokens and credentials from Open VSX, GitHub, and 49 targeted cryptocurrency wallet extensions.

    • Propagation: Uses stolen credentials to push malicious updates, infect additional extensions, and spread across developer accounts and CI/CD environments.

    • Resilient C2: Posts encrypted payload metadata to the Solana blockchain, dynamically updating C2 locations.

      • Earlier variants also used Google Calendar events for backup C2 coordination.

  • Persistence: Ensures infected systems automatically fetch new payloads even after takedowns.


Impact

  • Source Code Compromise: Theft of developer credentials enables unauthorized commits and repository tampering.

  • Supply Chain Poisoning: Trojanized extensions distributed via trusted marketplaces amplify reach and infection speed.

  • Financial Theft: Compromised wallet extensions lead to direct cryptocurrency losses.

  • Lateral Movement: Compromised systems reused as proxy or C2 infrastructure, extending attacker persistence.

  • Confirmed Victims: Multiple organizations impacted globally, including at least one government entity.

Detection Method

  • Inventory and Freeze Extensions: Enumerate all extensions deployed across developer endpoints and CI runners; disable or remove unverified publishers.

  • Monitor Outbound Activity: Detect connections to Solana RPC endpoints or unknown domains triggered by VS Code processes.

  • Credential and Token Monitoring: Watch for unauthorized GitHub, NPM, or Open VSX logins, token misuse, or unexpected commit activity.

  • Inspect Local Artifacts: Scan extension folders for obfuscated JavaScript or invisible Unicode characters indicating GlassWorm code.

  • Endpoint Process Behavior: Monitor Code.exe for abnormal CPU usage, unexpected child processes, or remote script fetches.

  • Source Control Hygiene: Audit repositories and workspace files for injected scripts or unapproved dependency changes.
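As an added example (not part of this advisory), the script below implements the "Inventory and Freeze Extensions" and "Inspect Local Artifacts" checks above: it walks a VS Code extensions directory, flags any folder whose publisher.name id matches the three extensions named in this advisory, and reports the line and column of every invisible Unicode code point inside the extensions' JavaScript files. The directory layout assumed is VS Code's usual `publisher.name-version` folder naming; the code-point ranges are standard Unicode format, variation-selector and tag blocks.

```python
import os
import re
import unicodedata

# Extension ids (publisher.name) named as malicious in this advisory.
KNOWN_BAD_EXTENSIONS = {
    "ai-driven-dev.ai-driven-dev",
    "adhamu.history-in-sublime-merge",
    "yasuyuky.transient-emacs",
}

# Code points used to hide source: zero-width/format chars, the BOM,
# variation selectors and Unicode "tag" characters (U+E0000 block).
INVISIBLE_RANGES = [(0x200B, 0x200F), (0x2060, 0x2064), (0xFEFF, 0xFEFF),
                    (0xFE00, 0xFE0F), (0xE0000, 0xE007F), (0xE0100, 0xE01EF)]

def find_invisible_unicode(source: str) -> list:
    """Return (line, column, 'U+XXXX') for each invisible code point."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            cp = ord(ch)
            if (any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES)
                    or unicodedata.category(ch) == "Cf"):  # other format chars
                hits.append((lineno, col, f"U+{cp:04X}"))
    return hits

def extension_id_from_dir(dirname: str) -> str:
    """'publisher.name-1.2.3' -> 'publisher.name' (VS Code folder naming)."""
    return re.sub(r"-\d+(\.\d+)*.*$", "", dirname)

def scan_extensions_root(root: str) -> dict:
    """Walk an extensions tree (e.g. ~/.vscode/extensions): flag known-bad
    ids and every invisible code point inside the extensions' JS files."""
    report = {"known_bad": [], "invisible_unicode": []}
    for entry in sorted(os.listdir(root)):
        ext_dir = os.path.join(root, entry)
        if not os.path.isdir(ext_dir):
            continue
        if extension_id_from_dir(entry) in KNOWN_BAD_EXTENSIONS:
            report["known_bad"].append(entry)
        for dirpath, _, files in os.walk(ext_dir):
            for name in files:
                if name.endswith((".js", ".mjs", ".cjs")):
                    path = os.path.join(dirpath, name)
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        for hit in find_invisible_unicode(fh.read()):
                            report["invisible_unicode"].append((path, *hit))
    return report
```

Run it against each developer's extensions folder and each CI runner's image; any hit in `invisible_unicode` warrants a manual look at the surrounding code, since legitimate extensions rarely contain zero-width or tag characters in their JavaScript.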

Indicators of Compromise

Open VSX Extensions (with malicious versions)

  • ai-driven-dev.ai-driven-dev

  • adhamu.history-in-sublime-merge

  • yasuyuky.transient-emacs



Recommendations

  • Immediate Removal: Uninstall all malicious extensions listed above.

  • Credential Hygiene: Revoke and rotate all Open VSX, GitHub, and npm access tokens.

  • Source Control Review: Inspect repositories for unauthorized commits or dependency changes.

  • Network Defense: Block connections to identified IPs and Solana RPC endpoints.

  • Developer Awareness: Train teams on Unicode-based obfuscation and the risks of unverified publishers.

  • Policy Enforcement: Implement controlled extension allowlists and sandbox environments for development systems.

Conclusion

The resurgence of the GlassWorm campaign highlights the growing risk of malware infiltration through trusted developer ecosystems. By combining Unicode-based obfuscation, blockchain-based C2 channels, and credential theft, adversaries have developed a persistent, adaptive infection model within open-source environments. We urge organizations to harden extension governance, audit all developer tooling, and enhance continuous monitoring of source-code supply chains to mitigate risks associated with this campaign.
