
GlassWorm: A Self-Propagating VS Code Extension Worm Targeting Developers

Researchers have uncovered GlassWorm, a self-propagating worm that spreads through compromised Visual Studio Code extensions on the Open VSX Registry and the Microsoft Extension Marketplace.



Researchers have uncovered GlassWorm, a self-propagating worm that spreads through compromised Visual Studio Code extensions on the Open VSX Registry and the Microsoft Extension Marketplace. The campaign demonstrates that developers and their toolchains are now a primary target for high-impact supply-chain attacks.

What makes GlassWorm dangerous

GlassWorm combines several uncommon techniques that increase its resilience and stealth:

  • Blockchain-based C2: The worm uses transactions on the Solana blockchain to publish encoded command-and-control metadata, making takedown and attribution harder.

  • Fallback channels: Google Calendar events are used as a secondary C2 channel carrying Base64-encoded payload indicators.

  • Invisible code obfuscation: Attackers embed invisible Unicode characters (variation selectors) that render malicious code invisible in many editors, helping conceal modifications during code reviews.

  • Auto-update abuse: Because VS Code extensions auto-update, malicious payloads can be pushed and executed on developer machines without user interaction.

Objectives and capabilities

Once executed, the worm performs a multiphase compromise designed to maximize both intelligence and monetization value:

  • Credential theft: Harvests npm, Open VSX, GitHub, and Git credentials and authentication tokens.

  • Crypto theft: Scans for transactions to attacker-controlled wallets and can drain funds from targeted wallet extensions.

  • Proxy & persistence: Installs SOCKS proxies, WebRTC modules, and hidden VNC (HVNC) servers to create persistent remote access and routing through infected developer hosts.

  • Propagation: Uses stolen credentials to push malicious updates and compromise additional packages and extensions.

  • Decentralized C2: Leverages BitTorrent DHT and blockchain memos to distribute commands and payload locations.

Scope and timeline

The first wave of infections was observed on October 17, 2025, affecting a set of extensions across Open VSX (13 packages) and one on the Microsoft Marketplace. Collectively these extensions had tens of thousands of downloads, widening opportunistic exposure across developer environments.

Mitigation and defensive guidance

  • Audit and rollback: Inspect recently updated extensions and revert to known-good versions; remove untrusted or unused extensions.

  • Harden developer environments: Restrict credential access from developer workstations and CI runners; require SSH/Git token rotation and MFA.

  • Network controls: Block suspicious outbound hosts and restrict egress for developer machines; monitor for SOCKS, WebRTC, and unusual HTTP traffic.

  • Supply-chain hygiene: Use vetted registries, sign extensions, pin dependency versions, and require code review for any auto-update changes.

  • Detection: Watch for Base64 memo activity on Solana, unusual Google Calendar API usage, and invisible-character anomalies in source files.
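The invisible-character technique described above (variation selectors that most editors do not render) is one of the few GlassWorm traits a defender can check for offline. The following scanner is an added example, not code from the article or from any of the researchers' tooling; it flags runs of non-rendering code points in source text and reports where they sit, which is enough to surface a hidden payload during extension review. The zero-width and bidi control sets are included as an assumption of the author, since they are abused the same way, not because the article mentions them.

```python
import unicodedata
from typing import List, Tuple

# Code points that render as nothing in most editors.  Variation selectors
# (U+FE00..FE0F and U+E0100..E01EF) are the family the GlassWorm write-up
# describes.  The zero-width and bidi-control sets below are an assumption
# added here because they are commonly abused in the same way.
ZERO_WIDTH = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF, 0x180E}
BIDI_CONTROLS = {0x202A, 0x202B, 0x202C, 0x202D, 0x202E,
                 0x2066, 0x2067, 0x2068, 0x2069}


def is_invisible(ch: str) -> bool:
    """True if the code point would not be visible in a typical editor."""
    cp = ord(ch)
    if 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF:
        return True
    if cp in ZERO_WIDTH or cp in BIDI_CONTROLS:
        return True
    # Any other format character (general category Cf) has no business in code.
    return unicodedata.category(ch) == "Cf"


def scan_source(text: str) -> List[Tuple[int, int, str, int]]:
    """Return (line_no, col, name_of_first_char, run_length) per invisible run."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        col = 0
        while col < len(line):
            if is_invisible(line[col]):
                start = col
                while col < len(line) and is_invisible(line[col]):
                    col += 1
                name = unicodedata.name(line[start], f"U+{ord(line[start]):04X}")
                findings.append((line_no, start, name, col - start))
            else:
                col += 1
    return findings


def longest_hidden_run(text: str) -> int:
    """Length of the longest invisible run; long runs suggest an encoded payload."""
    return max((f[3] for f in scan_source(text)), default=0)


# Constructed sample: a benign-looking extension entry point carrying a short
# run of variation selectors after the opening brace.  A real payload is far
# longer; the run here only illustrates the report format.
SAMPLE = (
    "const vscode = require('vscode');\n"
    "function activate(ctx) {" + "\uFE00\uFE0F\U000E0100\U000E01EF" * 2 + "\n"
    "  console.log('ready');\n"
    "}\n"
)

if __name__ == "__main__":
    for line_no, col, name, n in scan_source(SAMPLE):
        print(f"line {line_no} col {col}: run of {n} invisible code points, starts with {name}")
```

A UTF-8 BOM at column 0 of line 1 will also be reported (U+FEFF); treat that single-character hit at file start as benign and anything else as worth a manual look.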

Conclusion

GlassWorm illustrates a new class of supply-chain worm that weaponizes developer tooling, decentralized infrastructure, and stealthy obfuscation. Defending against it requires a blend of supply-chain controls, tighter developer environment hygiene, and network-level monitoring to detect and contain fast-moving propagation.