GlassWorm malware infects over 35K developer systems via VS Code and OpenVSX extensions


Cybersecurity firm Koi Security has observed a new supply chain attack targeting the Microsoft Visual Studio and OpenVSX extension marketplaces with self-propagating malware dubbed GlassWorm.

The malware, estimated to have been installed on 35,800 developer systems, is being spread through compromised extensions and uses a variety of techniques to avoid detection. The most notable technique is the use of invisible Unicode characters to hide malicious code in source files.
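As a defender-side illustration of the hiding technique described above, the following Node.js scanner flags invisible Unicode code points in source text and reports where they sit. It is an added example, not code from the Koi report or from GlassWorm, and the sample extension snippet it scans is constructed here.

```javascript
// Scan source text for invisible Unicode code points that can hide code from a
// human reviewer. Added example; not from the original report.
// Unicode category Cf ("format") covers zero-width space/joiner (U+200B..U+200D),
// bidi controls (U+202E etc.), U+FEFF and the Tags block (U+E0000..U+E007F).
// Variation selectors are category Mn, not Cf, so their ranges are listed
// explicitly: U+180B..U+180D, U+FE00..U+FE0F and U+E0100..U+E01EF.
const INVISIBLE = /[\p{Cf}\u{180B}-\u{180D}\u{FE00}-\u{FE0F}\u{E0100}-\u{E01EF}]/gu;

// Return one finding {line, column, codePoint} per invisible character in
// `source`. A byte-order mark as the very first character is common in
// legitimate files and is ignored; an empty result means nothing was found.
function findInvisibleChars(source) {
  const findings = [];
  source.split('\n').forEach((text, idx) => {
    for (const m of text.matchAll(INVISIBLE)) {
      const cp = m[0].codePointAt(0);
      if (idx === 0 && m.index === 0 && cp === 0xfeff) continue; // leading BOM
      findings.push({
        line: idx + 1,
        column: m.index + 1, // 1-based UTF-16 code unit offset within the line
        codePoint: 'U+' + cp.toString(16).toUpperCase().padStart(4, '0'),
      });
    }
  });
  return findings;
}

// Summary suitable for a CI gate: total count plus the distinct code points seen.
function summarise(findings) {
  const codePoints = [...new Set(findings.map((f) => f.codePoint))].sort();
  return { count: findings.length, codePoints };
}

// Constructed sample: an innocuous-looking extension entry point with a run of
// variation selectors hidden after a comment and a zero-width space after code.
const SAMPLE = [
  'const vscode = require("vscode");',
  '// activate extension\u{E0100}\u{E0101}\u{E0102}',
  'function activate(ctx) { return ctx; }\u200B',
  'module.exports = { activate };',
].join('\n');

const report = findInvisibleChars(SAMPLE);
console.log(JSON.stringify(summarise(report)));
for (const f of report) console.log(`line ${f.line} col ${f.column}: ${f.codePoint}`);
```

Run it over every `.js` file in an unpacked `.vsix` before installing; a non-zero count is a review trigger, not proof of compromise, since some localisation files legitimately contain format characters.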

GlassWorm doesn’t just infect a single device. Once installed, it attempts to steal credentials for GitHub, npm, and OpenVSX, enabling it to spread further by publishing infected versions of extensions the victim can access. The malware also searches for data from at least 49 known cryptocurrency wallet extensions.

The campaign was first observed on October 17, with at least seven extensions on OpenVSX compromised initially. Within days, infections were seen across both OpenVSX and Visual Studio Code marketplaces.

Koi researchers found that the malware uses the Solana blockchain for command-and-control (C2) operations, embedding base64-encoded links to second-stage payloads within Solana wallet transactions. As a backup, Google Calendar events are used to distribute payload links, and BitTorrent's Distributed Hash Table (DHT) is leveraged for decentralized command distribution.

The final payload, dubbed ZOMBI and described as “massively obfuscated JavaScript,” turns developer machines into nodes in a larger cybercriminal infrastructure. It also installs SOCKS proxies and hidden VNC clients, allowing attackers remote access without detection.

GlassWorm is believed to be the first documented worm-style attack targeting VS Code, and Koi Security calls it “one of the most sophisticated supply chain attacks” it has seen.

According to the researchers, the malware's infrastructure, including its C2 servers and several infected extensions, remains active, with at least ten extensions still distributing the worm.

Last month, PAN’s Unit42 reported a similar supply chain attack on the npm ecosystem that involved a self-replicating worm dubbed "Shai-Hulud."
