CyberSecurityNews

GlassWorm Campaign Uses 72 Malicious Open VSX Extensions to Broaden Reach



In a major escalation of supply chain attacks, the GlassWorm malware campaign has evolved to infect developer environments using transitive dependencies.

On March 13, 2026, the Socket Research Team reported identifying at least 72 new malicious Open VSX extensions linked to this campaign.

Instead of placing the malicious payload directly into an initial extension, threat actors are now disguising the malware by pulling it through secondary updates after trust is established.

72 Malicious Open VSX Extensions

The core of this new technique relies on abusing two legitimate extension manifest fields, extensionPack and extensionDependencies. Both fields hold a list of other extension IDs and were designed so developers can conveniently bundle required extensions together; the editor installs everything they list automatically.

However, GlassWorm operators are publishing seemingly benign, standalone extensions to the Open VSX registry first.

According to Socket Research Team, once developers install and trust these extensions, the attackers release a later update that modifies the manifest files.


This update secretly introduces an extensionPack or extensionDependencies link to a separate, hidden GlassWorm loader.

As a result, the code editor automatically installs the malicious dependency in the background, so a review of the extension's code at its first release says nothing about what a later update will pull in.

Screenshot of the malicious twilkbilk.color-highlight-css Open VSX extension (Source: Socket)

To maximize their reach, the attackers heavily impersonate popular developer utilities and inflate download counts into the thousands.

The 72 malicious packages mimic widely used linters, code formatters like Prettier and ESLint, and popular language tooling for Python, Vue, Angular, and Flutter.

Notably, the campaign also targets developers using artificial intelligence tools. Threat actors have created extensions impersonating AI developer assistants like Claude Code, Codex, and Antigravity.

In some instances, such as the daeumer-web.es-linter-for-vs-code package, attackers used direct typosquatting of legitimate publisher names to appear trustworthy and trick unsuspecting victims.

While GlassWorm maintains its primary goal of stealing local credentials, configuration data, and environment secrets from developer workstations, the malware itself has grown more resilient.

The latest variants demonstrate several advanced technical capabilities:

  • Infrastructure rotation: The attackers have shifted their Solana wallet infrastructure to a new address (6YGcuyFRJKZtcaYCCFba9fScNUvPkGXodXE1mJiSzqDJ) while adding new command-and-control IP addresses (45.32.151.157 and 70.34.242.255).
  • Advanced obfuscation: The static AES-wrapped loader has been replaced with heavier RC4, base64, and string-array obfuscation techniques.
  • Remote decryption: Decryption keys are no longer stored within the extension itself; they are now retrieved dynamically from attacker-controlled HTTP response headers like ivbase64 and secretkey.
  • Execution guardrails: The malware continues to use staged JavaScript execution, in-memory follow-on code execution, Solana transaction memos for dead drops, and Russian locale and timezone geofencing to evade analysis.

Defensive Mitigations

Because these malicious packages appear completely benign upon initial publication, development teams must adjust their security practices.

Reviewing the code of an extension at its first release is no longer enough to guarantee safety.

To protect your environments against transitive GlassWorm infections, implement the following mitigations:

  • Audit the version history of your installed extensions for any newly introduced extensionPack or extensionDependencies relationships.
  • Review complete installation and update chains rather than only scanning the current extension code.
  • Hunt for known GlassWorm indicators of compromise, such as Solana memo lookups or staged loaders containing Russian locale gating.
  • Immediately block and remove known GlassWorm-linked packages from developer workstations and check for exposed environment tokens.
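The manifest-field abuse described above and the first mitigation (auditing version history for newly introduced extensionPack or extensionDependencies relationships) can be checked mechanically. The following is an added example written for this article; it is not Socket's tooling, not part of Open VSX, and not from the campaign. It assumes extensions are unpacked on disk as one directory per installed version, each containing a package.json with publisher, name and version fields (the layout VS Code-compatible editors use for their extensions folder). The demo extension names and the "hidden-loader" dependency are constructed placeholders, not real packages.

```python
"""Audit installed VS Code / Open VSX extension manifests for transitive
dependencies (extensionPack / extensionDependencies) that an update
introduced after an earlier, clean release.

Added example, not Socket's or Open VSX's code. Assumes each installed
version lives under <ext_dir>/<anything>/package.json (assumption).
"""
import json
import os
import tempfile
from typing import Dict, List, Set, Tuple

TRANSITIVE_FIELDS = ("extensionPack", "extensionDependencies")


def transitive_deps(manifest: dict) -> Set[Tuple[str, str]]:
    """Return {(field, 'publisher.name')} for every extension the manifest pulls in.
    Both fields are arrays of extension IDs; anything malformed is ignored."""
    found = set()
    for field in TRANSITIVE_FIELDS:
        ids = manifest.get(field)
        if isinstance(ids, list):
            for ext_id in ids:
                if isinstance(ext_id, str):
                    found.add((field, ext_id.lower()))
    return found


def newly_introduced(old_manifest: dict, new_manifest: dict) -> Set[Tuple[str, str]]:
    """Dependencies present in the newer manifest but absent from the older one.
    This is the pattern to hunt for: a clean first release, then an update
    that quietly links in a separate loader extension."""
    return transitive_deps(new_manifest) - transitive_deps(old_manifest)


def _version_key(version: str) -> Tuple[int, ...]:
    """Numeric sort key; non-digit suffixes such as '-beta' are dropped."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def load_manifests(ext_dir: str) -> Dict[str, List[dict]]:
    """Collect every package.json directly under ext_dir, keyed by
    'publisher.name', each list sorted oldest-to-newest by version."""
    by_id: Dict[str, List[dict]] = {}
    for entry in sorted(os.listdir(ext_dir)):
        path = os.path.join(ext_dir, entry, "package.json")
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8") as fh:
            try:
                manifest = json.load(fh)
            except json.JSONDecodeError:
                continue  # unparseable manifest: flag elsewhere, skip here
        ext_id = f"{manifest.get('publisher', '?')}.{manifest.get('name', '?')}".lower()
        by_id.setdefault(ext_id, []).append(manifest)
    for versions in by_id.values():
        versions.sort(key=lambda m: _version_key(str(m.get("version", "0"))))
    return by_id


def audit(ext_dir: str) -> List[str]:
    """One report line per transitive dependency that a version bump introduced."""
    report = []
    for ext_id, versions in load_manifests(ext_dir).items():
        for older, newer in zip(versions, versions[1:]):
            for field, dep in sorted(newly_introduced(older, newer)):
                report.append(
                    f"{ext_id}: {older.get('version')} -> {newer.get('version')} "
                    f"added {field} -> {dep}"
                )
    return report


def _write_demo(root: str) -> None:
    """Constructed sample data: a clean 1.0.0, then a 1.0.1 update that adds
    an extensionPack entry. All names here are placeholders."""
    v1 = {"publisher": "example-pub", "name": "sample-linter", "version": "1.0.0"}
    v2 = {**v1, "version": "1.0.1", "extensionPack": ["example-pub.hidden-loader"]}
    for m in (v1, v2):
        d = os.path.join(root, f"{m['publisher']}.{m['name']}-{m['version']}")
        os.makedirs(d)
        with open(os.path.join(d, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(m, fh)


def demo() -> List[str]:
    """Run the audit against the constructed sample and return its findings."""
    with tempfile.TemporaryDirectory() as root:
        _write_demo(root)
        return audit(root)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Pointing audit() at a real extensions folder reports only dependencies that appeared between two installed versions; if you keep just the latest version on disk, run transitive_deps() on each manifest instead and compare the output against a baseline you recorded when the extension was first approved.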
