GlassWorm is the world’s first self-propagating worm targeting VS Code extensions in the OpenVSX marketplace, unleashing invisible malicious payloads and decentralized command infrastructure that make it nearly impossible to detect or dismantle.
First identified on October 17, 2025, GlassWorm hijacks developer machines via invisible Unicode code, harvests credentials, drains cryptocurrency wallets, and transforms infected systems into criminal proxy nodes, all while using blockchain and Google Calendar as unkillable command-and-control backbones.
The defining innovation of GlassWorm is its use of unprintable Unicode variation selectors to embed malicious JavaScript in VS Code extension packages without any visible footprint.
In the compromised CodeJoy extension (version 1.8.3), hundreds of blank lines in the source appear empty in IDEs and diffs yet contain executable code.
These special Unicode characters are ignored by static scanners and human reviewers but parsed by the JavaScript engine, allowing the worm to execute without raising suspicion.
This “glass code” breaks the longstanding assumption that human code review can catch hidden threats, enabling attackers to distribute invisible malware to thousands of users in a single update.
Blockchain and Google Calendar
Once the invisible payload runs, GlassWorm contacts the Solana blockchain for C2 instructions.
%20(1).png "New GlassWorm Threat Uses Stealthy Code to Target OpenVSX Extensions 3")
It scans recent transactions from a hard-coded wallet address, reads the memo field containing a base64-encoded download link, and fetches the next payload.
This approach leverages an immutable, decentralized ledger that cannot be taken down or modified. As a backup, the worm retrieves alternate payload URLs encoded in a Google Calendar event title, exploiting a legitimate service to bypass network restrictions.
Even if defenders block known IPs (such as 217.69.3.218) or domain names, attackers simply post new Solana transactions or update the calendar event, guaranteeing continuous control over infected systems.
GlassWorm’s final stage, dubbed the ZOMBI module, unleashes a fully featured remote access trojan. Infected machines:
- Operate concealed SOCKS proxy servers, routing criminal traffic through corporate networks and anonymizing attacker activities.
- Deploy WebRTC modules for peer-to-peer control channels that traverse NAT and firewall barriers.
- Utilize BitTorrent’s DHT network to distribute commands without centralized servers.
- Install hidden VNC sessions (HVNC) that run in virtual desktops invisible to users, granting attackers stealthy desktop access.
In addition to credential harvesting—NPM tokens, GitHub and Git credentials, OpenVSX access, and 49 cryptocurrency wallet extensions—GlassWorm automatically uses stolen tokens to publish malicious updates to new extensions.
This self-replication cycle mirrors Shai-Hulud’s npm worm behavior but with far greater sophistication: truly invisible code injection, blockchain C2, multi-layer redundancy, and full RAT functionality.
The worm has compromised seven OpenVSX extensions, collectively downloaded over 35,800 times, and remains active in both OpenVSX and Microsoft’s VS Code marketplace.
Ten extensions continue to distribute GlassWorm at the time of writing. Developers with infected extensions face stolen credentials, drained crypto wallets, and unwitting participation in global proxy and botnet networks.
%20(1).png "New GlassWorm Threat Uses Stealthy Code to Target OpenVSX Extensions 7")
Two extension authors—vscode-theme-seti-folder and git-worktree-menu—have deployed clean updates, but five compromised projects still await remediation.
GlassWorm’s emergence marks a dangerous evolution in software supply chain attacks. Traditional defenses—manual code review, signature-based detection, centralized takedowns—are ineffective against invisible code and decentralized C2.
Enterprises and developers must immediately audit installed VS Code extensions, revoke and rotate all credentials, and deploy advanced behavioral monitoring capable of detecting hidden Unicode payloads and anomalous network connections.
Until security tooling adapts to these new stealth techniques, every developer workstation may serve as an invisible node in a criminal infrastructure network.
In a single month, open-source ecosystems have witnessed two self-propagating worms. GlassWorm raises the stakes by shattering trust in human review and harnessing unstoppable command channels.
As the worm spreads, defending against invisible threats has become the top priority for securing development pipelines worldwide.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
