
A new wave of the GlassWorm campaign is targeting the OpenVSX ecosystem with 73 “sleeper” extensions that turn malicious after an update.
Six of the extensions have been activated and ship malware, while researchers assess with high confidence that the remainder are dormant or at least suspicious.
When initially uploaded, the extensions are benign but deliver the payload at a later stage, revealing the attacker’s true intention.
“This count might change as new updates continue to appear, but the pattern is consistent with earlier GlassWorm waves,” say researchers at application security firm Socket.
GlassWorm is an ongoing supply chain attack campaign first observed in October, initially using invisible Unicode characters to hide malicious code that steals cryptocurrency wallets and developer credentials.
It has since expanded across multiple ecosystems, including GitHub repositories, npm packages, and both the Visual Studio Code Marketplace and OpenVSX. The operators have also been observed targeting macOS users with trojanized crypto wallet clients.
A recent wave in mid-March 2026 showed significant scale, affecting hundreds of repositories and dozens of extensions.
However, operations of that scale can be noisy and leave many traces, and several distinct research teams caught the activity early and helped block it.
The latest wave suggests that the attacker intends to change tactics by submitting innocuous extensions to a single ecosystem and introducing the malicious payload in a subsequent update, rather than embedding it in the extensions from the start.
Socket has found that the 73 extensions involved in the latest GlassWorm campaign are clones of legitimate listings, designed to trick developers who don’t pay much attention beyond the visuals.
In one case, the attacker used the same icon as the legitimate extension and adopted similar naming and description. Although there are subtle differences, the main indicators are the publisher name and the unique identifier.
Instead of carrying the malware, the extensions now act as thin loaders that fetch it via one of the following methods:
- The extension retrieves a secondary VSIX package from GitHub at runtime and installs it using CLI commands.
- The extension loads platform-specific compiled modules (.node files) that contain the core logic, including fetching additional payloads and executing install routines across supported editors.
- Some variants rely entirely on heavily obfuscated JavaScript that decodes at runtime to fetch and install malicious extensions, often including encrypted or fallback URLs for payload retrieval.
Socket did not provide technical details about the latest payload. Previously, these attacks were aimed at stealing cryptocurrency wallet data, credentials, access tokens, SSH keys, and developer environment data.
The cybersecurity company has published the full list of the 73 extensions believed to be part of the latest GlassWorm wave. Developers who installed any of them are advised to rotate all secrets and clean their environment.
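As an added example (not Socket’s tooling and not code from the campaign), the following Python triage script unpacks a VSIX, which is a zip archive, and flags the three loader traits listed above plus the invisible-Unicode trick from earlier waves; the sample package contents and the regex rules are constructed for illustration, and a bare .node file is treated as informational because legitimate extensions also ship native dependencies.

```python
import io
import re
import zipfile

# Zero-width / format-class code points used in earlier GlassWorm waves to hide code.
INVISIBLE = re.compile("[\u200B-\u200F\u2060-\u2064\uFEFF\U000E0000-\U000E007F]")
# Textual indicators for the three loader styles above (example heuristics, not Socket's rules).
RULES = {
    "vsix_fetch": re.compile(r"https?://(?:raw\.)?github(?:usercontent)?\.com/\S+?\.vsix", re.I),
    "cli_install": re.compile(r"--install-extension"),
    "runtime_decode": re.compile(r"(?:Function|eval)\s*\(\s*(?:atob|Buffer\.from|String\.fromCharCode)"),
}
STRONG = {"vsix_fetch", "cli_install", "runtime_decode", "invisible_unicode"}


def scan_vsix(data: bytes) -> dict:
    """Return {path: [indicator, ...]} for every file in a VSIX (a zip) that trips a rule."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            hits = []
            if name.endswith(".node"):  # native module: informational on its own
                hits.append("native_module")
            if name.endswith((".js", ".cjs", ".mjs")):
                text = z.read(name).decode("utf-8", "replace")
                hits += [rule for rule, pat in RULES.items() if pat.search(text)]
                if INVISIBLE.search(text):
                    hits.append("invisible_unicode")
            if hits:
                findings[name] = hits
    return findings


def verdict(findings: dict) -> str:
    """'suspicious' if any strong indicator was found, otherwise 'clean'."""
    return "suspicious" if any(h in STRONG for hits in findings.values() for h in hits) else "clean"


def build_sample_vsix() -> bytes:
    """Constructed sample package (not a real extension) exercising each loader style."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("extension/package.json", '{"name": "example-theme", "publisher": "example"}')
        z.writestr("extension/out/extension.js",
                   'const stage2 = "https://github.com/example/repo/releases/download/v1/stage2.vsix";\n'
                   'const cmd = "code --install-extension " + stage2;\n')
        z.writestr("extension/bin/loader.node", b"\x00")
        z.writestr("extension/out/obf.js", 'Function(atob("..."))();\u200b')
    return buf.getvalue()
```

Run `scan_vsix` over a downloaded .vsix before installing it; any strong indicator is a reason to compare the publisher name and identifier against the legitimate listing rather than trust the icon.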


