GlassWorm Returns: Threat Actors Reinfect VS Code Ecosystem with New Extensions
CYBER SYRUP
Delivering the sweetest insights on cybersecurity.
Cybersecurity researchers have uncovered three new Visual Studio Code (VS Code) extensions linked to the persistent GlassWorm malware campaign, highlighting an ongoing effort by threat actors to exploit the developer ecosystem. Despite previous takedowns, the malicious campaign continues to evolve using stealthy obfuscation techniques and blockchain-based infrastructure for resilience.
Newly Identified Extensions
According to the latest analysis, the following extensions—still available for download—have been tied to the revived GlassWorm campaign:
ai-driven-dev.ai-driven-dev (3,402 downloads)
adhamu.history-in-sublime-merge (4,057 downloads)
yasuyuky.transient-emacs (2,431 downloads)
These malicious extensions were discovered spreading through both the Open VSX Registry and the Microsoft Extension Marketplace, two widely used distribution platforms for developer tools.
Background on GlassWorm
Originally disclosed by Koi Security in late 2025, GlassWorm is a sophisticated malware campaign designed to:
Harvest developer credentials from GitHub, Open VSX, and Git.
Drain funds from nearly 50 cryptocurrency wallet extensions.
Deploy secondary payloads that enable remote access and system control.
The malware’s defining feature is its use of invisible Unicode characters—known as variation selectors—that hide malicious commands inside seemingly benign code. This tactic allows infected extensions to propagate themselves autonomously, effectively acting as a self-replicating worm within the developer ecosystem.
Resurgence and New Tactics
Following the first wave of infections, Open VSX confirmed that all known malicious extensions had been removed and related access tokens revoked by October 21, 2025. However, new reports from Koi Security reveal that the attackers have returned with modified code, reusing the same Unicode-based evasion method to bypass detection.
The attackers also updated their command-and-control (C2) infrastructure via a transaction posted to the Solana blockchain, pointing infected machines to a new payload location. Researchers noted that blockchain-based C2 channels are particularly resilient: even if original servers are shut down, attackers can cheaply post new instructions on-chain, allowing malware to self-update.
Victimology and Attribution
Koi Security’s ongoing analysis identified a list of victims spanning the U.S., South America, Europe, and Asia, including a major Middle Eastern government organization. A keylogger sample from the attackers’ own system further revealed that the operation is likely Russian-speaking and utilizes an open-source browser C2 framework called RedExt.
The campaign has also expanded its reach beyond VS Code, using stolen GitHub credentials to push malicious commits into legitimate repositories—turning trusted developer infrastructure into a tool for propagation.
Lessons for Developers and Organizations
Audit installed extensions: Developers should verify the legitimacy of all installed VS Code extensions and review their source code when possible.
Revoke compromised credentials: Any accounts connected to suspicious extensions should have credentials rotated immediately.
Monitor blockchain-based C2 activity: Security teams must consider blockchain transaction monitoring as part of their threat intelligence strategy.
Apply supply chain hygiene: Limit use of third-party developer tools to vetted publishers with consistent security histories.
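The variation-selector trick described under "Background on GlassWorm" is also the easiest thing to check for when auditing installed extensions. The following Python checker is an added example, not code from the article or from Koi Security: it flags every run of variation-selector code points in extension source files so a reviewer can inspect those lines, treating a single selector after an emoji as normal and a long run inside code as suspicious. The file suffixes, the default extensions folder and the SAMPLE text are constructed assumptions.

```python
# Added example (not from the article or Koi Security): flag runs of Unicode
# variation selectors (U+FE00-U+FE0F, U+E0100-U+E01EF), the invisible code
# points GlassWorm hides content behind. One selector after an emoji (U+FE0F)
# is normal; dozens in a row inside code are not, so scan with a run threshold.
import sys
from pathlib import Path

SOURCE_SUFFIXES = {".js", ".mjs", ".cjs", ".ts", ".json"}

def is_variation_selector(ch: str) -> bool:
    return 0xFE00 <= ord(ch) <= 0xFE0F or 0xE0100 <= ord(ch) <= 0xE01EF

def find_hidden_runs(text: str, min_run: int = 1) -> list[tuple[int, int, int]]:
    """Return (line, column, run_length), 1-based, for every maximal run of
    consecutive variation selectors that is at least min_run long."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        col = 0
        while col < len(line):
            if not is_variation_selector(line[col]):
                col += 1
                continue
            start = col
            while col < len(line) and is_variation_selector(line[col]):
                col += 1
            if col - start >= min_run:
                findings.append((line_no, start + 1, col - start))
    return findings

def scan_tree(root: Path, min_run: int = 8) -> dict[str, list[tuple[int, int, int]]]:
    """Walk an extensions folder (e.g. ~/.vscode/extensions); unreadable files are skipped."""
    results = {}
    for path in root.rglob("*"):
        if not (path.is_file() and path.suffix in SOURCE_SUFFIXES):
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        if hits := find_hidden_runs(text, min_run):
            results[str(path)] = hits
    return results

SAMPLE = ("const x = 1;\nfunction init() {" + chr(0xE0100) * 12 + "}\n"
          "const ok = '\u2602\uFE0F';\n")  # constructed: hidden run on line 2, benign U+FE0F on line 3

if __name__ == "__main__":  # usage: python scan_vs.py [extensions_dir ...]
    for root in sys.argv[1:] or [str(Path.home() / ".vscode" / "extensions")]:
        for f, hits in scan_tree(Path(root)).items():
            print(f, ["line %d col %d: %d selectors" % h for h in hits])
```

A hit only tells you where invisible characters sit; the flagged extension still needs a manual review of what the surrounding code does with them.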
Conclusion
The return of GlassWorm demonstrates how supply chain attacks are becoming increasingly persistent and decentralized, leveraging both trusted developer ecosystems and emerging technologies like blockchain for resilience. As the campaign continues to evolve, maintaining strong visibility and rapid detection across software development pipelines remains essential for defense.