The GlassWorm supply chain campaign has resurfaced, infiltrating the Microsoft Visual Studio Marketplace and Open VSX.
This time, it involves 24 malicious extensions that impersonate popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue.
GlassWorm was first documented in October 2025. It uses the Solana blockchain for command-and-control and steals npm, Open VSX, GitHub, and Git credentials.
It also drains cryptocurrency from wallets and turns developer machines into attacker-controlled nodes for further criminal activities.
A crucial aspect of GlassWorm is its ability to spread. It compromises additional packages and extensions using stolen credentials, effectively acting like a worm.
Despite efforts from Microsoft and Open VSX, the malware resurfaced last month, with attackers targeting GitHub repositories.
The latest wave, identified by Secure Annex’s John Tuckner, includes 24 extensions across both repositories.
Attackers artificially inflate download counts to make extensions seem trustworthy. This tactic helps them appear prominently in search results, tricking developers.
John Tuckner noted that attackers easily update code with malicious versions after initial approval, evading filters. The malicious code often appears right after activation.
The new iteration of GlassWorm employs Rust-based implants within the extensions. An analysis of the “icon-theme-materiall” extension revealed two such implants.
These implants, a Windows DLL named os.node and a macOS dynamic library named darwin.node, target Windows and macOS systems respectively.
They fetch C2 server details from a Solana blockchain wallet address to download the next-stage JavaScript payload. A Google Calendar event serves as a backup for the C2 address.
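The following is an added example, not code from the article or from Secure Annex: a defender-side check that walks an installed-extensions directory and flags the extension names and implant filenames mentioned above. It assumes a VS Code-style layout (one folder per extension with a package.json, as under ~/.vscode/extensions); the publisher "acme" and the sample tree are constructed for the demo.

```python
import json
import tempfile
from pathlib import Path

# Indicators taken from the article; a filename match is a lead, not proof.
IMPLANT_FILES = {"os.node", "darwin.node"}
REPORTED_IDS = {"prisma-inc.prisma-studio-assistance"}
REPORTED_NAMES = {"icon-theme-materiall"}  # publisher not given in the article

def audit_extensions(ext_root):
    """Return (extension_id, severity, detail) tuples for one extensions dir."""
    findings = []
    for manifest in sorted(Path(ext_root).glob("*/package.json")):
        ext_dir = manifest.parent
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
            name = str(meta["name"]).lower()
            ext_id = f"{str(meta['publisher']).lower()}.{name}"
        except (OSError, ValueError, KeyError, TypeError):
            findings.append((ext_dir.name, "review", "unreadable manifest"))
            continue
        if ext_id in REPORTED_IDS or name in REPORTED_NAMES:
            findings.append((ext_id, "high", "extension named in the report"))
        for addon in sorted(p for p in ext_dir.rglob("*.node") if p.is_file()):
            rel = addon.relative_to(ext_dir).as_posix()
            if addon.name.lower() in IMPLANT_FILES:
                findings.append((ext_id, "high", f"implant filename {rel}"))
            else:  # any other native addon: note it for manual review
                findings.append((ext_id, "review", f"native addon {rel}"))
    return findings

def build_sample_tree(root):
    """Constructed demo layout; publisher 'acme' and all files are made up."""
    samples = [("acme", "icon-theme-materiall", ["out/os.node"]),
               ("acme", "plain-theme", []),
               ("acme", "native-helper", ["bin/helper.node"])]
    for publisher, name, files in samples:
        ext = Path(root) / f"{publisher}.{name}-1.0.0"
        ext.mkdir(parents=True)
        meta = {"publisher": publisher, "name": name}
        (ext / "package.json").write_text(json.dumps(meta), encoding="utf-8")
        for rel in files:
            (ext / rel).parent.mkdir(parents=True, exist_ok=True)
            (ext / rel).write_bytes(b"constructed placeholder, not a binary")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_extensions(tmp):
            print(*finding, sep=" | ")
```

Legitimate extensions also ship .node native addons, so "review" findings need a manual look at the publisher and the file's origin before any conclusion is drawn.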
John Tuckner emphasized the rarity of an attacker publishing over 20 malicious extensions in a week across popular marketplaces. Developers are just one click away from compromise.
Microsoft has taken action, with some packages already removed, like prisma-inc.prisma-studio-assistance.
Further reports have highlighted the GlassWorm malware’s continued threat, as it resurfaces with stealthy Unicode attacks targeting VS Code extensions. This underscores the persistent challenge in securing developer ecosystems.
The malware’s re-emergence with new tactics suggests an adaptive adversary, continually refining methods to bypass defenses and exploit vulnerabilities within popular developer tools.

