Attack

GlassWorm supply chain attack: Self-Propagating malware infects Visual Studio Code extensions

Take action: If you use Visual Studio Code, check if you have any of the 14 infected extensions listed in the GlassWorm attack. If you find any, consider all your credentials and code compromised. Turn off the computer, and start resetting every key and password from a fresh computer. Make a full audit of all code changes and deployments since they are probably now carrying malware as well.


Learn More

Cybersecurity researchers are reporting a self-propagating worm dubbed "GlassWorm" that has compromised Visual Studio Code (VS Code) extensions distributed on both the Open VSX Registry and the Microsoft Extension Marketplace. 

The GlassWorm campaign follows the Shai-Hulud worm, which targeted the npm ecosystem in mid-September 2025. GlassWorm uses emerging technologies and techniques that make detection very difficult:

The most notable feature of the GlassWorm attack is the use of invisible Unicode characters to conceal malicious code within the infected extensions. According to Idan Dardikman of Koi Security, who authored the technical analysis, "the attacker used Unicode variation selectors – special characters that are part of the Unicode specification but don't produce any visual output." 

Normal, visible code:

```javascript
const apiKey = "safe_value";
```

Code with Unicode variation selectors (conceptual representation):

```javascript
const API_KEY = "safe_value";[INVISIBLE CHARACTERS HERE]const HIDDEN_KEY = "malicious_payload";
```

Example invisible characters:

- **U+FE00 through U+FE0F** (Variation Selector-1 through Variation Selector-16)
- **U+200B** (Zero-Width Space)
- **U+200C** (Zero-Width Non-Joiner)
- **U+200D** (Zero-Width Joiner)
- **U+FEFF** (Zero-Width No-Break Space)

If we unhide the hidden text, the actual code is:

```javascript
const API_KEY = "safe_value";
const HIDDEN_KEY = "malicious_payload";
```

Even experienced developers examining the code would be unable to see the malicious instructions, as the Unicode variation selectors render the harmful code invisible while still allowing it to execute normally when the extension runs.
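As an added example (not code from the Koi Security analysis or from any infected extension), a small Node.js scanner that flags runs of the invisible code points listed above in source text, reporting line and column so a reviewer knows where to look. It also covers the Variation Selectors Supplement block (U+E0100 to U+E01EF), which is an assumption that generalises the page's list; the sample input is constructed.

```javascript
// Added example: scan source text for Unicode code points that editors render
// as nothing, so a reviewer is warned before trusting what is visible.

// Invisible code point ranges. The Variation Selectors Supplement block is an
// assumption that generalises the list above (same trick, different block).
const INVISIBLE_RANGES = [
  [0xfe00, 0xfe0f, 'Variation Selector (VS1-VS16)'],
  [0xe0100, 0xe01ef, 'Variation Selector Supplement (VS17-VS256)'],
  [0x200b, 0x200b, 'Zero-Width Space'],
  [0x200c, 0x200c, 'Zero-Width Non-Joiner'],
  [0x200d, 0x200d, 'Zero-Width Joiner'],
  [0xfeff, 0xfeff, 'Zero-Width No-Break Space'],
];

function classify(codePoint) {
  for (const [lo, hi, name] of INVISIBLE_RANGES) {
    if (codePoint >= lo && codePoint <= hi) return name;
  }
  return null;
}

// Iterate by code point (not UTF-16 unit) so supplementary-plane selectors
// count as one character. Consecutive invisible characters are reported as a
// single run with a 1-based line and column and the kinds it contains.
function findInvisibleRuns(source) {
  const runs = [];
  let line = 1, col = 1, run = null;
  for (const ch of source) {
    if (ch === '\n') { line += 1; col = 1; run = null; continue; }
    const kind = classify(ch.codePointAt(0));
    if (kind === null) {
      run = null;
    } else if (run === null) {
      run = { line, col, length: 1, kinds: [kind] };
      runs.push(run);
    } else {
      run.length += 1;
      if (!run.kinds.includes(kind)) run.kinds.push(kind);
    }
    col += 1;
  }
  return runs;
}

// Constructed sample: a run of selectors after a statement is the pattern to
// flag; a lone U+FEFF at offset 0 is a common editor BOM and usually harmless.
const SAMPLE = '\uFEFF' + 'const apiKey = "safe_value";' +
  '\uFE0F'.repeat(3) + '\u200B\u200D' + 'const hiddenKey = "x";\n' +
  'console.log(apiKey);\n';

for (const r of findInvisibleRuns(SAMPLE)) {
  console.log(`line ${r.line} col ${r.col}: ${r.length} invisible char(s) [${r.kinds.join(', ')}]`);
}
```

Running the scanner over a checked-out extension's `.js` files before enabling it turns the invisible trick into a visible finding, and a run of several selectors mid-statement is the thing to escalate.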

The malware uses the Solana blockchain as its primary command-and-control (C2) infrastructure, making the attack infrastructure highly resilient to takedown efforts by law enforcement or security researchers. As a backup mechanism, the attackers also utilize Google Calendar as an alternative C2 channel, ensuring that even if the primary communication method is disrupted, the malware can continue to receive commands and exfiltrate stolen data.

The attack has compromised a total of 14 VS Code extensions—13 on the Open VSX Registry and one on the Microsoft Extension Marketplace:

  • codejoy.codejoy-vscode-extension (versions 1.8.3 and 1.8.4)
  • l-igh-t.vscode-theme-seti-folder (version 1.2.3)
  • kleinesfilmroellchen.serenity-dsl-syntaxhighlight (version 0.3.2)
  • JScearcy.rust-doc-viewer (version 4.2.1)
  • SIRILMP.dark-theme-sm (version 3.11.4)
  • CodeInKlingon.git-worktree-menu (versions 1.0.9 and 1.0.91)
  • ginfuru.better-nunjucks (version 0.3.2)
  • ellacrity.recoil (version 0.7.4)
  • grrrck.positron-plus-1-e (version 0.0.71)
  • jeronimoekerdt.color-picker-universal (version 2.8.91)
  • srcery-colors.srcery-colors (version 0.3.9)
  • sissel.shopify-liquid (version 4.0.1)
  • TretinV3.forts-api-extention (version 0.3.1)
  • cline-ai-main.cline-ai-agent (version 3.1.3) on Microsoft Extension Marketplace

Once an infected extension is installed, the concealed malicious code begins searching for transactions associated with an attacker-controlled wallet on the Solana blockchain. When it identifies relevant transactions, the malware extracts a Base64-encoded string from the transaction's memo field. This encoded data, when decoded, reveals the IP addresses of C2 servers (specifically "217.69.3[.]218" and "199.247.10[.]166") that the malware contacts to retrieve the next stage of its payload.

The primary payload is an infostealer designed to harvest sensitive data from infected developer machines, such as npm credentials, Open VSX publishing tokens, GitHub authentication tokens, Git credentials, and data from 49 different cryptocurrency wallet extensions. 

This information enables the attackers to access developers' code repositories, publish malicious packages under legitimate developer identities, and drain cryptocurrency funds from victim wallets. 

The malware also reaches out to a specially crafted Google Calendar event, parsing another Base64-encoded string that provides instructions for contacting the same C2 servers to obtain an additional payload module codenamed "Zombi." All exfiltrated data is transmitted to a remote endpoint at "140.82.52[.]31:80" that is controlled by the threat actors.

This secondary payload deploys SOCKS proxy servers that convert infected developer machines into proxies that can be used to route malicious traffic, effectively turning victims' systems into conduits for criminal activities while obscuring the attackers' true locations. 

The malware is designed to weaponize stolen credentials by using them to compromise additional packages and extensions across multiple platforms, enabling the worm to spread autonomously throughout the software development ecosystem without requiring continued intervention from the attackers.

The attack is further amplified by the default auto-update functionality built into VS Code extensions. Once attackers gain control of an extension, they can push malicious updates automatically to all users who have installed the extension, without requiring any user interaction or approval. 

The use of blockchain technology for C2 infrastructure is an interesting trend in cybercrime that poses massive challenges for defenders: 

  • transactions are immutable and cannot be removed once committed to the blockchain;
  • the infrastructure is decentralized and cannot be taken down by authorities;
  • the pseudonymous nature of blockchain transactions makes attribution more difficult.

Security researchers have noted that this technique has gained popularity among sophisticated threat actors, including state-sponsored groups from North Korea who have leveraged similar blockchain-based C2 mechanisms in their espionage and financially motivated campaigns.

Both Open VSX Registry and Microsoft have been notified of the compromised extensions and are working to remove the malicious packages from their platforms. However, developers who have already installed these extensions may remain compromised until they manually uninstall the affected software and rotate any credentials that may have been exposed. 

Organizations should conduct thorough security assessments of developer workstations, review access logs for signs of unauthorized activity using stolen credentials, and implement additional monitoring for suspicious network traffic originating from development environments.
