Over the past week, cybersecurity professionals have been gripped by the emergence of GlassWorm, a highly sophisticated, self-propagating malware campaign targeting VS Code extensions on the OpenVSX Marketplace.
The scale and technical complexity of this attack signal a turning point for supply chain security in developer ecosystems.
As of October 2025, over 35,800 installations have reportedly been compromised, with the number growing as active malicious extensions continue to operate in the wild.
The impact is felt not only through direct credential theft but also through deep infiltration of developer machines.
The initial signs of the campaign surfaced when Koi researchers identified unusual behavioral shifts in the seemingly benign “CodeJoy” extension after its 1.8.3 version update.
While the extension passed initial visual code reviews, Koi’s risk engine flagged it for anomalous network connections and credential access.
The researchers quickly found that the underlying infection vector was both novel and alarming: the malicious code was encoded using invisible Unicode characters, allowing it to blend perfectly with legitimate source files and evade superficial inspection.
The result: entire blocks of JavaScript payload remained unseen to the naked eye and undetectable by most static analysis tools.
Koi’s investigation soon revealed the magnitude of the threat. The worm harvests secrets from npm, GitHub, OpenVSX, and even targets 49 different cryptocurrency wallet extensions.
After siphoning credentials, it leverages them to hijack additional extensions, thereby achieving a self-propagating cycle.
Victims’ devices are then weaponized, serving as criminal proxy nodes or platforms for remote attacks, illustrating a truly distributed and resilient campaign strategy.
Koi analysts confirmed that the attackers architected an unkillable command-and-control (C2) infrastructure using the Solana blockchain.
Alongside blockchain payload distribution, fallback C2 mechanisms—Google Calendar events and direct IP endpoints—make takedown efforts almost futile.
Each communication contains encrypted instructions for further stages, enabling dynamic updates to the malware in near real-time.
This approach enables GlassWorm to adapt swiftly and persistently within compromised networks.
Invisible Unicode: The Infection Mechanism
A standout aspect of GlassWorm’s operation is its use of the Unicode “variation selector” exploit. By inserting non-rendering Unicode codepoints into JavaScript source files, the malware hides entire logic branches.
These characters are ignored by visual editors and code review platforms but are recognized and executed by the JavaScript interpreter.
For instance, a segment in the compromised CodeJoy file appeared as a vast empty space that was in fact filled with functional malicious code, successfully disguised.
```javascript
// Line 2 appears empty but contains:
function stealCreds() {...}
```
This method fundamentally breaks assumptions of code transparency. Developers, even when manually inspecting diffs or reviewing GitHub commits, cannot see the injected logic.
Only byte-level inspection or specialized tooling reveals the hidden payload, which makes updating code inspection and CI processes to detect non-standard Unicode a mitigation priority for defenders.
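One way to add that check to a review or CI step, as an added example that is neither GlassWorm code nor Koi's tooling: a scanner that walks source text by code point and reports every line carrying variation selectors or other non-rendering characters. The code point ranges and the sample input are constructed for this illustration.

```javascript
// Added example: flag invisible Unicode code points (variation selectors and
// similar non-rendering characters) in source text before it reaches a build.
// Not GlassWorm code and not Koi's risk engine; sample input is constructed.

// Code points that render as nothing in editors and diff views.
const INVISIBLE_RANGES = [
  [0xfe00, 0xfe0f],   // Variation Selectors (VS1..VS16)
  [0xe0100, 0xe01ef], // Variation Selectors Supplement (VS17..VS256)
  [0x200b, 0x200f],   // zero-width space/non-joiner/joiner, LRM, RLM
  [0x2060, 0x2064],   // word joiner and invisible operator characters
  [0xfeff, 0xfeff],   // zero-width no-break space (a BOM anywhere but offset 0)
  [0xe0000, 0xe007f], // Unicode tag characters
];

function isInvisible(cp) {
  return INVISIBLE_RANGES.some(([lo, hi]) => cp >= lo && cp <= hi);
}

// Returns one finding per line that contains invisible code points:
// { line, count, firstColumn, sample }, sample being the first hit as U+XXXX.
function scanSource(text) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    let count = 0, firstColumn = -1, first = null, col = 0;
    // Iterate by code point, not UTF-16 unit, so astral-plane selectors are seen.
    for (const ch of line) {
      const cp = ch.codePointAt(0);
      if (isInvisible(cp)) {
        count += 1;
        if (firstColumn < 0) { firstColumn = col; first = cp; }
      }
      col += 1;
    }
    if (count > 0) {
      const hex = first.toString(16).toUpperCase().padStart(4, '0');
      findings.push({ line: i + 1, count, firstColumn, sample: 'U+' + hex });
    }
  });
  return findings;
}

// Constructed sample: line 2 looks blank in an editor but carries a run of
// variation selectors, the pattern described in the article.
const hidden = String.fromCodePoint(0xe0100, 0xe0101, 0xfe0f).repeat(3);
const SAMPLE = 'const greeting = "hello";\n' + hidden + '\nexport default greeting;\n';

for (const f of scanSource(SAMPLE)) {
  console.log(`line ${f.line}: ${f.count} invisible code point(s), first ${f.sample} at column ${f.firstColumn}`);
}
```

A finding on any line is a hard failure in CI; legitimate source rarely needs these code points outside of string literals that handle emoji or text shaping, and those cases can be allow-listed explicitly.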