Full Report
Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive
Analysis Summary
# Incident Report: GlassWorm Supply-Chain Escalation via Open VSX
## Executive Summary
The GlassWorm threat actor has escalated its supply-chain campaign by abusing the `extensionPack` and `extensionDependencies` manifest fields of extensions published to the Open VSX registry. Instead of embedding the loader in every malicious listing, the actor publishes extensions that look standalone and benign, then has them declare a malicious extension as a pack member or dependency; the IDE installs that transitive dependency automatically, so the payload lands on developer workstations without a second install decision and without the listing's own code looking suspicious to a reviewer. The campaign aims to steal credentials, secrets, and cryptocurrency and to use infected systems as proxies.
## Incident Details
- **Discovery Date:** January 31, 2026 (New iteration flagged by Socket)
- **Incident Date:** Ongoing (Iterative campaign active since at least March 2025)
- **Affected Organization:** Open VSX Registry, GitHub (151+ repositories)
- **Sector:** Technology / Software Development
- **Geography:** Global (targeting non-Russian locales)
## Timeline of Events
### Initial Access
- **Date/Time:** March 2025 – ongoing; latest surge detected January 31, 2026.
- **Vector:** Malicious/Trojanized IDE extensions and npm packages.
- **Details:** Attackers uploaded extensions to Open VSX and VS Code Marketplace mimicking popular tools (linters, AI assistants) to gain a foothold on developer workstations.
### Lateral Movement
- **Details:** Propagation was "transitive" rather than host-to-host: the actor updated benign-looking extensions so that their `extensionPack` or `extensionDependencies` fields named the GlassWorm-carrying extension. The IDE resolves those fields automatically when the parent is installed or updated, so the payload is installed without any further user interaction.
### Data Exfiltration/Impact
- **Details:** Stealing cryptocurrency from wallets, harvesting authentication tokens/secrets, and utilizing the infected host as a network proxy for criminal activities.
### Detection & Response
- **Discovery:** Flagged by security firms Socket, Koi Security, and Aikido through behavioral analysis and registry scanning.
- **Response Actions:** Open VSX removed 72 malicious extensions; research firms released reports to warn the developer community.
## Attack Methodology
- **Initial Access:** Supply-chain compromise via Open VSX and VS Code Marketplace.
- **Persistence:** Installation of persistent IDE extensions and transitive dependencies.
- **Defense Evasion:** Use of invisible Unicode characters to hide code, rotation of Solana C2 dead-drop wallets, heavily obfuscated loaders, and locale-checking (avoiding Russian systems).
- **Credential Access:** Scraping local files for tokens, secrets, and crypto-wallet credentials.
- **Command and Control:** Dead-drop resolving via Solana transactions to locate the currently active C2 server, so the C2 address can be rotated without republishing the loader.
- **Lateral Movement:** Transitive dependency abuse (auto-installing malicious packs).
- **Exfiltration:** Standard C2 data exfiltration.
- **Impact:** Financial loss (crypto draining) and unauthorized resource usage (proxies).
## Impact Assessment
- **Financial:** Immediate draining of developer cryptocurrency wallets.
- **Data Breach:** High risk; theft of proprietary credentials and environment secrets.
- **Operational:** Compromise of developer environments, which may lead to further downstream supply chain attacks on the developers' own organizations.
- **Reputational:** Erosion of trust in open-source VS Code extension registries.
## Indicators of Compromise
- **Network indicators:**
- Solana blockchain lookups originating from the IDE process (dead-drop resolving); these are legitimate hosts, so treat them as a lead for investigation rather than a block-list entry.
- C2 communication with whatever address the dead drop currently points to; the resolver pattern is defanged as `hxxps[://]solana[.]com/transaction/...` and the C2 host itself rotates.
- **File indicators (Malicious Extensions):**
- `angular-studio.ng-angular-extension`
- `gvotcha.claude-code-extension`
- `mswincx.antigravity-cockpit`
- `tamokill12.foundry-pdf-extension`
- **Behavioral indicators:**
- IDE extensions performing unusual periodic network pings.
- Presence of invisible Unicode characters (e.g., zero-width spaces or Unicode variation selectors) in `package.json` or source files, particularly long runs of them on a single line.
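A scanner for the invisible-character indicator above, as an added example that is not code from the report or from the researchers cited. It flags Unicode format characters (zero-width space and joiners, the BOM, bidi controls, tag characters) together with the variation-selector ranges, reports each finding by line and column, and groups consecutive invisible characters into runs, since a single stray zero-width space is common in copied text while a run of dozens is not. The sample file and the byte-to-variation-selector encoding used to plant a hidden payload in it are constructed for the demo; whether a given GlassWorm sample uses that exact encoding must be confirmed against the sample itself, so the decoder is there to show how little rendering reveals, not as a signature.

```python
"""Find invisible Unicode characters that can hide code in source or manifest files."""
import sys
import unicodedata
from pathlib import Path

# Variation selectors (category Mn) render as nothing on their own, so a category
# check alone misses them; list the ranges explicitly. Tag characters are Cf already.
INVISIBLE_RANGES = ((0xFE00, 0xFE0F), (0xE0100, 0xE01EF))


def is_invisible(ch):
    """True for format characters (category Cf) and the variation-selector ranges."""
    cp = ord(ch)
    if any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES):
        return True
    return unicodedata.category(ch) == "Cf"


def scan_text(text):
    """Return one finding per invisible character: line, column (1-based), code point, name."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if is_invisible(ch):
                findings.append({"line": line_no, "col": col, "codepoint": ord(ch),
                                 "name": unicodedata.name(ch, "<unnamed>")})
    return findings


def hidden_runs(text, min_len=8):
    """Group consecutive invisible characters on a line into runs of at least min_len."""
    runs = []
    for line_no, line in enumerate(text.splitlines(), 1):
        start, buf = None, []
        for col, ch in enumerate(line + "\n", 1):  # "\n" is Cc, not Cf: it flushes the last run
            if is_invisible(ch):
                if start is None:
                    start = col
                buf.append(ch)
            elif buf:
                if len(buf) >= min_len:
                    runs.append({"line": line_no, "col": start, "length": len(buf),
                                 "text": "".join(buf)})
                start, buf = None, []
    return runs


def encode_vs(data):
    """Constructed encoding used by the demo sample: one byte per variation selector."""
    return "".join(chr(0xFE00 + b) if b < 16 else chr(0xE0100 + b - 16) for b in data)


def decode_vs(run):
    """Inverse of encode_vs; characters outside the selector ranges are ignored."""
    out = bytearray()
    for ch in run:
        cp = ord(ch)
        if 0xFE00 <= cp <= 0xFE0F:
            out.append(cp - 0xFE00)
        elif 0xE0100 <= cp <= 0xE01EF:
            out.append(cp - 0xE0100 + 16)
    return bytes(out)


HIDDEN = b"require('child_process')"  # constructed payload text for the demo
SAMPLE_JS = (
    "// constructed sample, not code from any real extension\n"
    "const greeting = 'hello';\u200b\n"                  # a lone zero-width space: noise
    "const marker = 'x';" + encode_vs(HIDDEN) + "\n"     # 24 invisible code points: a run
    "module.exports = { greeting };\n"
)


def scan_file(path):
    """Scan a file on disk; undecodable bytes are replaced rather than aborting the scan."""
    return scan_text(Path(path).read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    # usage: python find_invisible.py [file]; with no argument the constructed sample is scanned
    text = Path(sys.argv[1]).read_text(encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_JS
    for f in scan_text(text):
        print(f"{f['line']}:{f['col']} U+{f['codepoint']:04X} {f['name']}")
    for r in hidden_runs(text):
        print(f"run of {r['length']} at {r['line']}:{r['col']} decodes to {decode_vs(r['text'])!r}")
```

Run it over every `package.json` and `.js` file under the IDE's extensions directory; a run of invisible code points inside a string literal or at the end of a statement is the pattern to escalate, and the decoded bytes (if the encoding matches) tell you what the rendering hid.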
## Response Actions
- **Containment:** Removal of 72+ flagged extensions from Open VSX and VS Code marketplaces.
- **Eradication:** Developers advised to audit the `package.json` of every installed extension (under the IDE's extensions directory) for `extensionPack` and `extensionDependencies` entries that pull in unfamiliar publishers, and to uninstall anything that arrived transitively rather than by their own choice.
- **Recovery:** Rotating all secrets/tokens stored in developer environments (e.g., AWS keys, GitHub tokens).
## Lessons Learned
- **Key Takeaways:** Attackers are evolving beyond "typosquatting" to "bait-and-switch" transitive dependency attacks.
- **Gaps:** Registry review processes focus on the initial upload and may not re-audit an extension when a later version adds `extensionPack` or `extensionDependencies` entries, even though that change alters what gets installed without altering the listing's own code.
## Recommendations
1. **Developer Vetting:** Only install extensions from verified publishers with high download counts and long histories, and confirm the publisher identity rather than the display name, since the campaign impersonates popular tools.
2. **Review Dependencies:** Regularly check each installed extension's details page in VS Code (its extension pack and dependency listing) for unfamiliar software, and re-check after updates, because that is when new entries appear.
3. **Secret Management:** Keep long-lived tokens out of plaintext configuration files and environment variables on workstations; prefer short-lived, scoped credentials issued from a vault or secrets manager (or hardware-backed keys) so that a stealer on the workstation obtains little of lasting value.
4. **Enhanced Monitoring:** Implement EDR/XDR solutions that monitor IDE processes for unusual network connections or shell executions.
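To make the dependency audit recommended above concrete, the following script (an added example, not code from the report, from Open VSX, or from the researchers cited) walks an IDE extensions directory such as `~/.vscode/extensions`, reads each extension's `package.json`, and builds the graph of `extensionPack` and `extensionDependencies` edges. It flags every installed extension that is present only because another extension pulled it in, and separately every edge where a pack reaches across to a different publisher, which is the shape of the bait-and-switch this report describes. The extension ids in the built-in sample are constructed for the demo and are not the indicators listed in this report; the list of explicitly chosen extensions is an input, since the script does not try to infer it from IDE metadata.

```python
"""Audit an IDE extensions directory for extensions that were installed transitively."""
import json
import sys
import tempfile
from pathlib import Path

# Both manifest fields cause the IDE to install the named extensions automatically.
DEPENDENCY_FIELDS = ("extensionPack", "extensionDependencies")


def load_extensions(extensions_dir):
    """Return {"publisher.name": manifest} for every extension folder with a package.json."""
    exts = {}
    for manifest in Path(extensions_dir).glob("*/package.json"):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, do not abort the audit
        publisher, name = data.get("publisher"), data.get("name")
        if publisher and name:
            exts[f"{publisher}.{name}".lower()] = data
    return exts


def dependency_edges(exts):
    """Yield (parent_id, child_id, field) for each pack member or dependency declared."""
    for ext_id, data in exts.items():
        for field in DEPENDENCY_FIELDS:
            for child in data.get(field) or []:
                yield ext_id, str(child).lower(), field


def audit(extensions_dir, explicitly_installed):
    """Report installed extensions that arrived transitively and cross-publisher pulls.

    explicitly_installed: ids the user consciously installed (an input to the audit;
    IDE metadata is not consulted). Returns {"transitive": {child: [(parent, field)]},
    "cross_publisher": [(parent, child, field)]}.
    """
    exts = load_extensions(extensions_dir)
    explicit = {e.lower() for e in explicitly_installed}
    transitive, cross_publisher = {}, []
    for parent, child, field in dependency_edges(exts):
        if child in exts and child not in explicit:
            transitive.setdefault(child, []).append((parent, field))
        if parent.split(".", 1)[0] != child.split(".", 1)[0]:
            cross_publisher.append((parent, child, field))
    return {"transitive": transitive, "cross_publisher": cross_publisher}


def build_constructed_sample():
    """Write CONSTRUCTED manifests to a temp directory for the demo and return its path.

    The ids are invented for illustration and are not the indicators from the report.
    """
    root = Path(tempfile.mkdtemp(prefix="ext-audit-"))
    manifests = {
        "goodpub.fancy-linter-1.2.0": {
            "publisher": "goodpub", "name": "fancy-linter", "version": "1.2.0",
            # the update that turned a standalone-looking listing into a pack:
            "extensionPack": ["otherpub.helper-runtime"],
        },
        "otherpub.helper-runtime-0.0.3": {
            "publisher": "otherpub", "name": "helper-runtime", "version": "0.0.3",
            "extensionDependencies": ["otherpub.telemetry-core"],
        },
        "otherpub.telemetry-core-0.0.1": {
            "publisher": "otherpub", "name": "telemetry-core", "version": "0.0.1",
        },
        "goodpub.theme-1.0.0": {"publisher": "goodpub", "name": "theme", "version": "1.0.0"},
    }
    for folder, data in manifests.items():
        (root / folder).mkdir()
        (root / folder / "package.json").write_text(json.dumps(data), encoding="utf-8")
    return root


def print_report(report):
    """Human-readable listing; one line per finding."""
    for child, parents in sorted(report["transitive"].items()):
        for parent, field in parents:
            print(f"TRANSITIVE       {child:32} pulled in by {parent} via {field}")
    for parent, child, field in report["cross_publisher"]:
        print(f"CROSS-PUBLISHER  {parent} -> {child} via {field}")


if __name__ == "__main__":
    # usage: python audit_extensions.py <extensions_dir> [explicitly_installed_id ...]
    if len(sys.argv) > 1:
        print_report(audit(sys.argv[1], sys.argv[2:]))
    else:  # no arguments: run against the constructed sample
        print_report(audit(build_constructed_sample(), ["goodpub.fancy-linter", "goodpub.theme"]))
```

Run it with the path to your extensions directory and the ids you remember choosing; anything in the transitive list that you did not choose, especially when it comes from a publisher other than the parent's, is a candidate for removal followed by rotation of the secrets on that machine. The cross-publisher list is worth reading even for extensions you did choose, because it is the parent, not the child, that a reviewer saw.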