A third wave of the Glassworm supply-chain attack campaign has been observed, with researchers identifying 24 newly uploaded malicious packages on both the OpenVSX and Microsoft Visual Studio Code marketplaces.
OpenVSX and the Microsoft Visual Studio Marketplace host thousands of extensions used to add language support, frameworks, themes, and productivity tools to development environments. OpenVSX offers a vendor-neutral alternative used by editors that cannot access Microsoft’s proprietary store.
First spotted this October, Glassworm hides malicious code using “invisible Unicode characters” to evade review. Once installed, the extensions attempt to steal GitHub, npm, and OpenVSX credentials, as well as cryptocurrency wallet data from dozens of targeted wallet extensions. The malware also deploys a SOCKS proxy to route malicious traffic through infected machines and installs an HVNC client to give attackers stealthy remote access.
Although both marketplaces removed the first wave of malicious uploads and rotated compromised access tokens, the attackers quickly returned using new publisher accounts and fresh extension names. The latest campaign uncovered by Secure Annex mimics widely used tools and frameworks such as Flutter, Vim, Yaml, Tailwind, Svelte, React Native, and Vue.
Once the extensions pass initial review and are listed, their publishers push an update that injects the malware. Attackers then artificially inflate download counts to boost visibility and make the packages appear reputable, sometimes placing them directly alongside the legitimate projects they impersonate.
The latest wave includes Rust-based implants embedded within the extensions, and in some cases continues to use the invisible Unicode obfuscation trick that helped conceal earlier variants.
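The invisible Unicode trick mentioned above (and in the description of the first wave) relies on code points that an editor renders as nothing. The following scanner is an added example for reviewers of extension source, not code from the article or from Secure Annex; the sample file contents are constructed, and the `min_run` threshold is an assumed tuning knob.

```python
"""Flag runs of invisible Unicode code points in extension source text.

Added example (not from the article or Secure Annex). It reports format
controls (zero-width space/joiner, BOM, Unicode tag characters) and
variation selectors, the building blocks of "invisible" code hiding.
"""
import unicodedata
from typing import List, Tuple

Finding = Tuple[int, int, int, List[str]]  # (line 1-based, col 0-based, run length, code points)


def is_invisible(ch: str) -> bool:
    """True for characters that render as nothing in a typical editor."""
    cp = ord(ch)
    if unicodedata.category(ch) == "Cf":          # ZWSP, ZWJ, BOM, soft hyphen, tags ...
        return True
    # Variation selectors are category Mn, so check their ranges explicitly.
    return 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF


def find_invisible_runs(text: str) -> List[Finding]:
    """Return every run of invisible characters; a leading file BOM is ignored."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.split("\n"), start=1):
        col = 0
        while col < len(line):
            legit_bom = line_no == 1 and col == 0 and line[col] == "\ufeff"
            if is_invisible(line[col]) and not legit_bom:
                start = col
                while col < len(line) and is_invisible(line[col]):
                    col += 1
                cps = [f"U+{ord(c):04X}" for c in line[start:col]]
                findings.append((line_no, start, col - start, cps))
            else:
                col += 1
    return findings


def is_suspicious(text: str, min_run: int = 2) -> bool:
    """Assumed policy: any run of min_run or more invisible characters is suspicious."""
    return any(run_len >= min_run for _, _, run_len, _ in find_invisible_runs(text))


# Constructed sample: a "clean" line, a comment padded with zero-width characters,
# and a string literal carrying Unicode tag characters (U+E0041, U+E0042).
SAMPLE = (
    "const config = { name: 'my-theme' };\n"
    "// helper\u200b\u200b\u200d\u200b\n"
    "const x = 'a\U000E0041\U000E0042';\n"
)

if __name__ == "__main__":
    for line_no, col, run_len, cps in find_invisible_runs(SAMPLE):
        print(f"line {line_no} col {col}: {run_len} invisible chars {cps}")
```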
