GlassWorm Malware Returns with 24 Fake Developer Extensions Targeting VS Code and Open VSX
The notorious GlassWorm supply-chain malware campaign has returned with a new wave of attacks, infiltrating both the Microsoft Visual Studio Marketplace and Open VSX. Security researchers have confirmed that 24 malicious extensions, all impersonating popular developer tools like Flutter, React, TailwindCSS, Vim, and Vue, were uploaded to these repositories, putting millions of developers at risk.
This resurgence highlights a growing threat to the global software supply chain and demonstrates how easily attackers can weaponize trusted ecosystems to compromise code, steal credentials, and spread malware.
What Is GlassWorm? A Quick Breakdown
GlassWorm was first exposed in October 2025, when researchers discovered a sophisticated malware operation using:
- Solana blockchain for command-and-control (C2)
- Credential theft for npm, GitHub, Open VSX, and Git
- Cryptocurrency wallet draining
- Conversion of developer machines into attacker-controlled bot nodes
- Supply-chain infection, enabling the malware to spread to more packages
Its most dangerous feature is self-propagation. Using stolen developer credentials, the malware compromises additional extensions and code repositories, turning GlassWorm into a worm-like threat across the ecosystem.
Despite takedown efforts from Microsoft and Open VSX, the malware has resurfaced, and this latest attack is its largest yet.
New GlassWorm Attack Hits 24 Developer Extensions
According to research from Secure Annex’s John Tuckner, the latest GlassWorm campaign includes 24 malicious extensions, many of which closely mimic legitimate and widely used tools.
Malicious Extensions on the VS Code Marketplace
Examples include:
- iconkieftwo.icon-theme-materiall
- prisma-inc.prisma-studio-assistance
- prettier-vsc.vsce-prettier
- flutcode.flutter-extension
- csvmech.csvrainbow
- codevsce.codelddb-vscode
- clangdcode.clangd-vsce
- vims-vsce.vscode-vim
- yamlcode.yaml-vscode-extension
- solblanco.svetle-vsce
- redmat.vscode-quarkus-pro
- msjsdreact.react-native-vsce
- …and others.
Malicious Extensions on Open VSX
Including:
- bphpburn.icons-vscode
- tailwind-nuxt.tailwindcss-for-react
- flutcode.flutter-extension
- yamlcode.yaml-vscode-extension
- vitalik.solidity
- saoudrizvsce.claude-dev
- saoudrizvsce.claude-devsce
How GlassWorm Tricks Developers
Attackers used several clever strategies to boost the visibility of their fake extensions:
1. Artificially Inflated Download Counts
By faking popularity metrics, the malicious tools appeared in search results next to real ones, increasing the likelihood that developers would mistakenly install them.
2. Post-Approval Code Injection
Even after extensions passed marketplace review, attackers later pushed malicious updates:
“Once the extension has been approved initially, the attacker can easily update code with a new malicious version,” Tuckner noted.
3. Hidden Malicious Code Behind “activation” Hooks
The malicious payload was triggered immediately on extension activation, so it blended in with normal extension start-up behavior.
Rust-Based Implants Targeting Windows and macOS
In the latest variant, researchers discovered Rust-written implants packaged inside extensions. For example, the fake icon-theme-materiall extension contained:
- os.node — a Windows DLL
- darwin.node — a macOS dynamic library
These implants access a Solana wallet address to retrieve C2 instructions. If that fails, they fall back to a Google Calendar event, demonstrating the attackers’ resilience and creativity.
Once connected to the C2 server, the implants download an encrypted JavaScript payload that carries out the credential theft, wallet draining, and further system compromise described above.
Why This Campaign Is So Dangerous
Rarely do attackers publish 20+ malicious extensions across major marketplaces in one week. The scope and sophistication of GlassWorm make it a serious supply-chain threat.
Key risks include:
- Compromised GitHub or npm accounts
- Malicious updates pushed to legitimate libraries
- Theft of source code and private repositories
- Drained crypto wallets
- Weaponization of developer machines
As Tuckner warned, developers are often “one click away from compromise.”
How Developers Can Protect Themselves
To reduce risk, developers should:
- Verify publisher names before installing any extension
- Check the extension’s creation date, reviews, and download patterns
- Avoid newly created look-alikes of popular tools
- Enable multi-factor authentication (MFA) for all dev accounts
- Continuously monitor repositories for suspicious commits
- Regularly audit and remove unused extensions
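To make the audit step concrete, here is a small added example (not from the article or from Secure Annex) that walks a local VS Code extensions directory and flags the traits the article describes: an extension ID matching one of the names listed above, or a shipped native module named like the os.node / darwin.node implants found in the fake icon-theme-materiall extension. The directory layout, the startup-activation heuristic and the manifest fields it reads are assumptions based on the standard VS Code extension format, not anything stated in the article.

```python
# Added example: audit installed VS Code / Open VSX extensions against the
# identifiers and implant file names reported in the article.
import json
import sys
from pathlib import Path

# Extension IDs (publisher.name) named in the article as part of this campaign.
KNOWN_MALICIOUS = {
    "iconkieftwo.icon-theme-materiall", "prisma-inc.prisma-studio-assistance",
    "prettier-vsc.vsce-prettier", "flutcode.flutter-extension", "csvmech.csvrainbow",
    "codevsce.codelddb-vscode", "clangdcode.clangd-vsce", "vims-vsce.vscode-vim",
    "yamlcode.yaml-vscode-extension", "solblanco.svetle-vsce", "redmat.vscode-quarkus-pro",
    "msjsdreact.react-native-vsce", "bphpburn.icons-vscode",
    "tailwind-nuxt.tailwindcss-for-react", "vitalik.solidity",
    "saoudrizvsce.claude-dev", "saoudrizvsce.claude-devsce",
}
# Native module names the article reports inside the fake icon-theme-materiall extension.
IMPLANT_FILES = {"os.node", "darwin.node"}

def assess(manifest: dict, files: list[str]) -> list[str]:
    """Return the reasons an extension looks suspicious; an empty list means nothing matched."""
    ext_id = f"{manifest.get('publisher', '')}.{manifest.get('name', '')}".lower()
    reasons = []
    if ext_id in KNOWN_MALICIOUS:
        reasons.append(f"{ext_id}: matches a GlassWorm extension ID")
    hits = sorted(IMPLANT_FILES & {Path(f).name for f in files})
    if hits:
        reasons.append(f"{ext_id}: ships native module(s) {hits}")
    # Heuristic (assumption, not from the article): activating on every startup ("*")
    # while bundling native code matches the activation-hook behaviour described.
    if manifest.get("activationEvents") == ["*"] and any(f.endswith(".node") for f in files):
        reasons.append(f"{ext_id}: activates on startup and loads native code")
    return reasons

def scan(ext_root) -> dict[str, list[str]]:
    """Assess every extension folder under ext_root (normally ~/.vscode/extensions)."""
    ext_root, findings = Path(ext_root), {}
    for d in (ext_root.iterdir() if ext_root.is_dir() else []):
        pkg = d / "package.json"
        if not pkg.is_file():
            continue
        try:
            manifest = json.loads(pkg.read_text(encoding="utf-8"))
        except (json.JSONDecodeError, OSError):
            continue
        files = [str(p.relative_to(d)) for p in d.rglob("*") if p.is_file()]
        if (reasons := assess(manifest, files)):
            findings[d.name] = reasons
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else Path.home() / ".vscode" / "extensions"
    for folder, reasons in scan(root).items():
        print(folder, *reasons, sep="\n  ")
```

Run it with no arguments to check your own profile, or pass another extensions directory; a match on a known ID or on the implant file names is a reason to remove the extension and rotate any npm, GitHub and Open VSX tokens that machine held.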
Final Thoughts + Call to Action
The return of GlassWorm underscores a growing cybersecurity reality: developer ecosystems are high-value targets, and malicious actors are becoming more adept at exploiting trust.
If you’ve installed extensions recently, or work with any of the affected frameworks, now is the time to review your environment, audit installed tools, and tighten your security practices.