Visual Studio Code under attack: GlassWorm worm spreads via extensions

Redazione RHC: 21 October 2025 22:39

Researchers at Koi Security have detected a supply chain attack using OpenVSX and the Visual Studio Code Marketplace. Criminal hackers are distributing self-replicating malware called GlassWorm, which has already been installed approximately 35,800 times.

Experts have discovered at least eleven GlassWorm-infected extensions in OpenVSX and one in the Visual Studio Code Marketplace:

The malware hides its malicious code using invisible Unicode characters. Furthermore, GlassWorm has worm-like functionality and can spread independently: using the victim’s stolen credentials, it infects other extensions the victim has access to.
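One way to check an extension's source for this hiding technique, as an added example that is not from the original article or the Koi Security report: the scanner below flags long runs of invisible Unicode code points in a file, which ordinary JavaScript has no reason to contain. The code point ranges it treats as invisible are an assumption for illustration, not a list taken from the report.

```python
import unicodedata

# Code points that are valid Unicode but render as nothing in an editor.
# General category "Cf" (format) covers zero-width characters, the BOM, bidi
# controls and tag characters; variation selectors are category "Mn" and are
# listed explicitly. This set is an assumption chosen for illustration.
INVISIBLE_RANGES = [
    (0x200B, 0x200F),    # zero-width space/joiner/non-joiner, LRM, RLM
    (0x2028, 0x202F),    # line/paragraph separators, bidi embedding controls
    (0x2060, 0x206F),    # word joiner, invisible operators
    (0xFE00, 0xFE0F),    # variation selectors
    (0xFEFF, 0xFEFF),    # byte order mark
    (0xE0000, 0xE007F),  # tag characters
    (0xE0100, 0xE01EF),  # variation selectors supplement
]

def is_invisible(ch):
    """True if the character would not be visible in a normal code editor."""
    cp = ord(ch)
    if unicodedata.category(ch) == "Cf":
        return True
    return any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES)

def find_hidden_runs(source, min_run=8):
    """Return (line, column, length) for each run of invisible code points.

    A single variation selector after an emoji is normal, so only runs of at
    least min_run consecutive invisible characters are reported."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        col = 0
        while col < len(line):
            if is_invisible(line[col]):
                start = col
                while col < len(line) and is_invisible(line[col]):
                    col += 1
                if col - start >= min_run:
                    findings.append((lineno, start, col - start))
            else:
                col += 1
    return findings

# Constructed samples: a benign file and one with a hidden run of variation selectors.
CLEAN = "const x = 1;\nmodule.exports = { x };\n"
SUSPECT = "const x = 1;\n" + "".join(chr(0xE0100 + i) for i in range(40)) + "\nmodule.exports = { x };\n"

if __name__ == "__main__":
    for name, src in (("clean.js", CLEAN), ("suspect.js", SUSPECT)):
        for lineno, col, length in find_hidden_runs(src):
            print(f"{name}:{lineno}:{col}: run of {length} invisible code points")
```

Run it over the `.js` files of an installed extension (the `extensions` directory under the VS Code user profile) to surface lines that look blank but are not.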

The attackers use the Solana blockchain to control their botnet, using Google Calendar as a backup communication channel.

Once installed, the malware attempts to steal GitHub, npm, and OpenVSX account credentials, as well as cryptocurrency wallet data from 49 different extensions. GlassWorm also implements a SOCKS proxy to route malicious traffic through the victim’s computer and installs a hidden VNC (HVNC) client for stealthy remote access.

The worm’s code includes a wallet address with transactions on the Solana blockchain, which contain base64-encoded links to the payloads for the next stage of the attack. Using a blockchain to hide payloads is gaining popularity among criminals due to its numerous operational advantages: resistance to takedown and blocking, anonymity, low costs, and flexibility for updates.

According to researchers, the final payload of this attack is called ZOMBI and consists of “highly obfuscated JavaScript code” that turns infected systems into members of a botnet. The fallback payload download method works via Google Calendar event names, which contain a base64-encoded URL. The third distribution method uses a direct connection to an attacker-controlled IP address (217.69.3[.]218).

To ensure further obfuscation and persistence, the malware uses BitTorrent’s Distributed Hash Table (DHT) and decentralized command distribution.

“This situation is particularly serious because VS Code extensions update automatically. When CodeJoy released version 1.8.3 with invisible malware, all users with CodeJoy installed were automatically infected. No user interaction. No warnings. A silent, automatic infection,” the researchers note.

At the time of publication of Koi Security’s report, at least four compromised extensions were still available for download in OpenVSX, and Microsoft removed the malicious extension from its marketplace after being alerted by researchers. The developers of vscode-theme-seti-folder and git-worktree-menu are also reported to have updated their extensions and removed the malicious code.

It’s worth noting that last month, a similar attack by the Shai-Hulud worm hit the npm ecosystem, compromising 187 packages. The malware used the TruffleHog scanner to find secrets, passwords, and keys.

Koi Security calls GlassWorm “one of the most sophisticated supply chain attacks” and the first documented case of a worm attack on VS Code. Experts warn that GlassWorm’s command and control servers and payload servers are still active and that the campaign could continue.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
