What Happened

A supply chain attack targeting developers has escalated sharply: researchers have now identified 72 malicious Open VSX extensions distributing the GlassWorm malware, in a campaign that marks a shift toward autonomous, self-sustaining attacks on the open-source ecosystem. According to The Hacker News, the latest wave infected 151 GitHub repositories between March 3 and 9, 2026, building on earlier waves that compromised developer accounts and trusted extensions.

The campaign abuses the Open VSX registry, the open-source alternative to Microsoft's VS Code Marketplace that VS Code-compatible editors rely on when they cannot ship Microsoft's marketplace. Socket's research team traced the malicious extensions back to January 31, 2026, and documented a carefully staged attack that turns legitimate extension mechanisms into a malware delivery channel.

Technical Details

GlassWorm employs several sophisticated techniques that make it particularly dangerous and difficult to detect:

Unicode Steganography

The malware hides its loader inside otherwise ordinary JavaScript files using invisible Unicode code points, such as Unicode variation selectors and zero-width characters, so the malicious bytes occupy no visible space in a standard editor or a web-based diff view. As detailed by Fluid Attacks, the payload is encoded directly into the source text this way; visual review misses it, but a byte-level scan for those code point ranges exposes it immediately.
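To make the technique concrete, the following added example (not code from GlassWorm, from Fluid Attacks, or from any vendor tool) hides a constructed byte string inside a harmless-looking JavaScript line using one invisible variation selector per byte, recovers it, and then runs the kind of scan a reviewer should apply to extension files. The byte-to-code-point mapping and the sample cover line are illustrative assumptions, not a reconstruction of the real loader's encoding.

```python
"""Invisible-Unicode steganography: hide, extract, and detect.

Added example for illustration; the 256-value mapping (16 basic
variation selectors U+FE00..U+FE0F plus 240 supplementary selectors
U+E0100..U+E01EF) is an assumed scheme, not GlassWorm's actual one.
"""
import re
from typing import List, Optional, Tuple


def _byte_to_selector(b: int) -> str:
    """Map one byte to an invisible variation selector code point."""
    if b < 16:
        return chr(0xFE00 + b)
    return chr(0xE0100 + (b - 16))


def _selector_to_byte(ch: str) -> Optional[int]:
    """Inverse of _byte_to_selector; None for any visible character."""
    cp = ord(ch)
    if 0xFE00 <= cp <= 0xFE0F:
        return cp - 0xFE00
    if 0xE0100 <= cp <= 0xE01EF:
        return cp - 0xE0100 + 16
    return None


def hide_payload(cover: str, payload: bytes) -> str:
    """Append the payload to the cover text as invisible selectors."""
    return cover + "".join(_byte_to_selector(b) for b in payload)


def extract_payload(text: str) -> bytes:
    """Recover every selector-encoded byte, ignoring the visible cover."""
    out = bytearray()
    for ch in text:
        b = _selector_to_byte(ch)
        if b is not None:
            out.append(b)
    return bytes(out)


# Zero-width and format characters plus both variation-selector blocks.
INVISIBLE = re.compile(
    r"[\u200B-\u200F\u2060-\u2064\uFEFF\uFE00-\uFE0F\U000E0100-\U000E01EF]+"
)


def find_invisible_runs(text: str) -> List[Tuple[int, int, int]]:
    """Return (line, column, length) for each run of invisible code points."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in INVISIBLE.finditer(line):
            hits.append((line_no, m.start(), m.end() - m.start()))
    return hits


def scan_file(path: str) -> List[Tuple[int, int, int]]:
    """Scan one extension source file; non-empty result means hidden runs."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return find_invisible_runs(f.read())


if __name__ == "__main__":
    # Constructed sample: a plausible manifest-style line as cover text.
    cover = 'const version = "1.4.2";'
    stego = hide_payload(cover, b"fetch(C2)")
    print(stego)                      # looks identical to the cover line
    print(len(cover), len(stego))     # 24 visible chars vs 33 code points
    print(find_invisible_runs(stego)) # [(1, 24, 9)]
    print(extract_payload(stego))     # b'fetch(C2)'
```

Run `scan_file()` over every `.js` under an extension's install directory; any non-empty result is worth a hex dump of that line, since legitimate minified JavaScript has no reason to contain runs of variation selectors.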

Transitive Dependency Abuse

Attackers abuse two legitimate manifest fields, extensionPack and extensionDependencies, to pull in hidden GlassWorm loaders: the editor installs every extension listed in those fields automatically, with no separate prompt. An extension looks benign at initial review, then a later update adds a dependency on a loader extension, and the next automatic update installs it without any user interaction.

Advanced Obfuscation

The campaign moved from static AES-encrypted payloads to dynamic decryption using RC4, base64 and string-array indirection. Decryption keys are no longer embedded in the code; they are fetched at runtime from HTTP response headers served by attacker-controlled hosts, so a static sample alone does not contain enough to decode the payload and signature-based detection becomes significantly harder.

Self-Propagation Mechanism

Most concerning is GlassWorm's autonomous spread. The malware steals credentials for npm, GitHub and Open VSX, then uses those tokens to push commits to additional repositories and publish new malicious packages and extensions, creating a self-sustaining infection cycle. Cypro reports that attackers uploaded 88 additional malicious npm packages between November 2025 and February 2026 using this technique.

Impact Assessment

The scale of this campaign is substantial:

  • 36,000+ downloads of the initially compromised extensions occurred before detection
  • 49 cryptocurrency wallet extensions were targeted, including MetaMask, Coinbase and Phantom
  • The first waves hijacked extensions that already had 22,000+ downloads, so users were trusting an established name
  • Developers using VS Code-compatible editors and open-source tooling face direct credential theft
  • Compromised GitHub repositories create downstream supply chain risk for every project that depends on them

The malware targets macOS systems, stealing saved passwords, crypto-wallet data, SSH keys and environment variables that hold secrets such as API tokens. Dark Reading notes that this reflects a broader shift toward developer workstations as high-value targets.

What You Should Do

Immediate Actions:

  1. Audit installed extensions: Review every installed extension, particularly those installed recently or updated automatically, and check where each came from
  2. Check manifest changes: Look in each extension's package.json for additions to the extensionPack or extensionDependencies fields, especially entries from a different publisher than the extension itself
  3. Rotate credentials: Revoke and reissue npm tokens, GitHub personal access tokens and Open VSX publishing credentials if you have installed extensions from Open VSX recently
  4. Monitor cryptocurrency wallets: Check for unauthorized transactions if you use wallet extensions such as MetaMask or Phantom
  5. Review GitHub repositories: Check for unauthorized commits, workflow changes or package publishes, especially where you hold maintainer access
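Steps 1 and 2 above, and the transitive dependency abuse described under Technical Details, come down to one question: which installed extensions pull in other extensions, and did that manifest change recently? The script below is an added example, not a tool from Socket, Koi, Open VSX or Microsoft. It assumes the usual on-disk layout in which each installed extension has its own directory containing a package.json (for VS Code that is ~/.vscode/extensions; forks use their own path), and it treats the file modification time as the change indicator. The two-extension sample tree it builds for the demo is constructed and does not correspond to any real listing.

```python
"""Audit installed extensions for transitive pulls via extensionPack /
extensionDependencies.  Added example; the directory layout and the
14-day 'recent' window are assumptions, not part of any vendor report.
"""
import json
import os
import tempfile
import time
from pathlib import Path
from typing import Dict, List

TRANSITIVE_FIELDS = ("extensionPack", "extensionDependencies")


def audit_extensions(root, recent_days: float = 14, now: float = None) -> List[Dict]:
    """Return one finding per extension pulled in by another extension."""
    root = Path(root)
    now = time.time() if now is None else now
    manifests = []
    installed = set()
    for pkg in sorted(root.glob("*/package.json")):
        try:
            data = json.loads(pkg.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable manifest: not silently ignored in a real audit
        ident = f"{data.get('publisher', '?')}.{data.get('name', '?')}".lower()
        installed.add(ident)
        manifests.append((ident, pkg, data))

    findings = []
    for ident, pkg, data in manifests:
        publisher = ident.split(".", 1)[0]
        age_days = (now - pkg.stat().st_mtime) / 86400
        for field in TRANSITIVE_FIELDS:
            for dep in data.get(field) or []:
                dep = str(dep).lower()
                findings.append({
                    "extension": ident,
                    "field": field,
                    "pulls": dep,
                    # A pull from another publisher is the pattern to look at first.
                    "cross_publisher": dep.split(".", 1)[0] != publisher,
                    "dep_installed": dep in installed,
                    "recently_changed": age_days <= recent_days,
                })
    return findings


def build_sample_tree(dest) -> Path:
    """Write a constructed two-extension tree for the demo (not real listings)."""
    dest = Path(dest)
    carrier = dest / "trusted-pub.nice-theme-2.3.0"
    loader = dest / "newpub.helper-0.0.1"
    carrier.mkdir(parents=True, exist_ok=True)
    loader.mkdir(parents=True, exist_ok=True)
    (carrier / "package.json").write_text(json.dumps({
        "name": "nice-theme", "publisher": "trusted-pub", "version": "2.3.0",
        "extensionPack": ["newpub.helper"],   # the silent pull
    }), encoding="utf-8")
    (loader / "package.json").write_text(json.dumps({
        "name": "helper", "publisher": "newpub", "version": "0.0.1",
    }), encoding="utf-8")
    now = time.time()
    os.utime(carrier / "package.json", (now - 86400, now - 86400))         # changed yesterday
    os.utime(loader / "package.json", (now - 90 * 86400, now - 90 * 86400))  # old
    return dest


def demo() -> List[Dict]:
    """Run the audit over the constructed tree and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return audit_extensions(tmp, recent_days=14)


if __name__ == "__main__":
    target = Path.home() / ".vscode" / "extensions"   # assumed VS Code path
    results = audit_extensions(target) if target.is_dir() else demo()
    for f in results:
        flags = [k for k in ("cross_publisher", "recently_changed") if f[k]]
        print(f"{f['extension']} -> {f['pulls']} via {f['field']}  {' '.join(flags)}")
```

A finding that is both cross-publisher and recently changed is the case the campaign relies on: a familiar extension whose manifest quietly began pulling something from an unfamiliar publisher. Treat the pulled extension's directory as the next thing to inspect, not the carrier's.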

Longer-term Mitigations:

  • Prefer extensions from the official VS Code Marketplace when your editor supports it
  • Verify publisher identity before installing extensions, and be suspicious of a new publisher appearing as a dependency of an old one
  • Use scoped npm packages with granular, short-lived access tokens, and enable 2FA on all developer accounts
  • Consider extension whitelisting in enterprise environments
  • Monitor for unusual outbound connections to IPs like 45.32.150.251, 45.32.151.157, or 70.34.242.255

Lessons Learned

This campaign highlights structural weaknesses in the open-source ecosystem that no amount of individual developer hygiene fully addresses:

Trust is Exploitable: Attackers weaponized the trust developers place in established extensions with thousands of downloads. Because the editor resolves extensionPack and extensionDependencies automatically, a single compromised extension can cascade into widespread infections.

Self-Propagating Malware is Here: GlassWorm's ability to spread on its own using stolen credentials is a dangerous evolution. Traditional incident response assumes a fixed set of affected assets, but malware that publishes new packages with each victim's tokens keeps expanding the perimeter while the response is under way.

Registry Security Matters: Open VSX and similar registries need enhanced security measures—including publisher verification, manifest change detection, and automated malware scanning—to match the trust developers place in them.

Developer Workstations are High-Value Targets: With access to source code, credentials, and deployment pipelines, developer machines offer attackers a strategic foothold that can compromise entire organizations.

Resources