
The supply-chain campaign known as GlassWorm has resurfaced, with 24 extensions masquerading as popular developer tools and frameworks (Flutter, React, Tailwind, Vim, and Vue among them) published to both the Microsoft Visual Studio Marketplace and Open VSX.
GlassWorm was first documented in October 2025. That report detailed its use of the Solana blockchain for command-and-control (C2), its theft of npm, Open VSX, GitHub, and Git credentials, the draining of cryptocurrency from dozens of wallets, and the conversion of developer machines into attacker-controlled nodes for other criminal activity.
The defining trait of the campaign is its reuse of stolen credentials to compromise additional packages and extensions, which is what lets the malware spread like a worm. Despite continued takedown efforts by Microsoft and Open VSX, it resurfaced for a second time last month, with attackers also observed targeting GitHub repositories.
The latest wave, discovered by Secure Annex's John Tuckner, includes a total of 24 extensions across both marketplaces. The identified extensions are listed below:

VS Code Marketplace:
iconkieftwo.icon-theme-materiall
prisma-inc.prisma-studio-assistance (removed after December 1, 2025)
prettier-vsc.vsce-prettier
flutcode.flutter-extension
csvmech.csvrainbow
codevsce.codelddb-vscode
saoudrizvsce.claude-devsce
Clangdcode.clangd-vsce
cweijamysq.sync-settings-vscode
bphpburnsus.iconesvscode
klustfix.kluster-code-verify
vims-vsce.vscode-vim
yamlcode.yaml-vscode-extension
solblanco.svetle-vsce
vsceue.volar-vscode
redmat.vscode-quarkus-pro
msjsdreact.react-native-vsce

Open VSX:
bphpburn.icons-vscode
tailwind-nuxt.tailwindcss-for-react
flutcode.flutter-extension
yamlcode.yaml-vscode-extension
saoudrizvsce.claude-dev
saoudrizvsce.claude-devsce
Vitaik.solidity
Attackers have also been found to artificially inflate download counts so that the extensions look more trustworthy and rank higher in search results, often right next to the genuine project they spoof, which tricks developers into installing them.
"It appears that once an extension is initially approved, attackers can easily update the code with a new malicious version and easily bypass the filters," Tuckner said. "Many code extensions start in an 'activation' context, and malicious code is slipped in shortly after activation occurs."

The new iteration still relies on invisible Unicode tricks, but it now also ships Rust-based implants packaged inside the extensions. Nextron Systems said in its analysis of the "icon-theme-materiall" extension that it carries two Rust implants, one targeting Windows and one targeting macOS:
A Windows DLL named os.node
A macOS dynamic library named darwin.node
As in earlier GlassWorm infections, the implant retrieves C2 server details from the Solana blockchain via a wallet address and uses them to download the next-stage payload, an encrypted JavaScript file. As a fallback, it parses Google Calendar events to obtain C2 addresses.
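The two indicators described above, invisible Unicode code points hidden in extension source and native `.node` modules bundled with an extension, are both cheap to check for on a developer machine. The scanner below is an added example written for this article; it is not code from Secure Annex, Nextron Systems, or the GlassWorm analyses. It assumes extensions live in a directory tree containing JavaScript/TypeScript/JSON sources (as under `~/.vscode/extensions`); the sample extension it builds when run without an argument is constructed for illustration, and its `os.node` file is a two-byte placeholder, not a real DLL.

```python
"""Scan a VS Code / Open VSX extension directory for two GlassWorm-style
indicators: invisible Unicode code points in source files, and native
`.node` modules shipped alongside the extension's JavaScript.

Added example for this article, not code from any vendor report.
Usage: python scan_extension.py ~/.vscode/extensions/<publisher>.<name>-<ver>
With no argument it scans a constructed sample extension."""
import os
import sys
import tempfile
import unicodedata

# Code points that render as nothing (or almost nothing) in an editor.
# General category "Cf" covers zero-width space/joiner, BOM, soft hyphen,
# word joiner and the Unicode "tag" block; variation selectors are category
# "Mn", so they are listed explicitly by range.
INVISIBLE_RANGES = (
    (0xFE00, 0xFE0F),      # Variation Selectors
    (0xE0100, 0xE01EF),    # Variation Selectors Supplement
    (0xE0000, 0xE007F),    # Tags
)
SOURCE_EXTS = {".js", ".ts", ".mjs", ".cjs", ".json"}


def is_invisible(ch: str) -> bool:
    """True if the character is a format control or a variation selector/tag."""
    cp = ord(ch)
    if unicodedata.category(ch) == "Cf":
        return True
    return any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES)


def find_invisible_unicode(text: str) -> list[tuple[int, int, int]]:
    """Return (line, column, codepoint) for every invisible code point in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if is_invisible(ch):
                hits.append((lineno, col, ord(ch)))
    return hits


def scan_extension_dir(root: str) -> dict[str, list]:
    """Walk one extension directory; report hidden code points and native modules."""
    report = {"invisible": [], "native_modules": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if ext == ".node":
                # A native module is legitimate in some extensions, but one named
                # os.node / darwin.node next to a theme or linter deserves a look.
                report["native_modules"].append(rel)
            elif ext in SOURCE_EXTS:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for line, col, cp in find_invisible_unicode(fh.read()):
                        report["invisible"].append((rel, line, col, cp))
    return report


def build_sample_extension() -> str:
    """Constructed sample (not a real extension): a benign-looking extension.js
    with a run of invisible code points appended to one line, plus a bundled
    os.node placeholder. Returns the temp directory path."""
    root = tempfile.mkdtemp(prefix="ext-sample-")
    os.makedirs(os.path.join(root, "out"))
    hidden = "\u200b" + "".join(chr(0xE0100 + i) for i in range(4))
    src = ("const vscode = require('vscode');\n"
           "function activate(ctx) { /* ok */ }" + hidden + "\n"
           "module.exports = { activate };\n")
    with open(os.path.join(root, "out", "extension.js"), "w", encoding="utf-8") as fh:
        fh.write(src)
    with open(os.path.join(root, "out", "os.node"), "wb") as fh:
        fh.write(b"MZ")  # placeholder bytes only; not a real DLL
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_extension()
    result = scan_extension_dir(target)
    for rel, line, col, cp in result["invisible"]:
        label = unicodedata.name(chr(cp), "UNNAMED")
        print(f"{rel}:{line}:{col} hidden U+{cp:04X} {label}")
    for rel in result["native_modules"]:
        print(f"{rel}: native module shipped with extension")
    if not result["invisible"] and not result["native_modules"]:
        print("no indicators found")
```

A hit is not proof of compromise on its own: some legitimate sources contain a BOM or a zero-width joiner in string literals, and some extensions genuinely ship native modules. What matters is a long run of variation selectors or tag characters in code where nothing should be invisible, or a native binary in an extension whose declared purpose (an icon theme, a syntax highlighter) gives it no reason to carry one.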
“It’s rare for an attacker to publish more than 20 malicious extensions in a week across both of the most popular markets,” Tuckner said in a statement. “Many developers can be easily fooled by these extensions and put themselves at risk with just one click.”
