
Cybersecurity researchers have discovered a self-propagating worm that spreads through the Open VSX Registry and Visual Studio Code (VS Code) extensions on the Microsoft Extension Marketplace. This highlights how developers are a prime target for attacks.
This advanced threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space in less than a month, following the Shai-Hulud worm that targeted the npm ecosystem in mid-September 2025.
What sets this attack apart is the use of the Solana blockchain for command and control (C2), making the infrastructure more resilient to takedown. It also uses Google Calendar as a C2 fallback mechanism.
Another novel aspect is that the GlassWorm campaign relies on “invisible Unicode characters that literally erase malicious code from code editors,” Idan Dardikman said in a technical report. “The attacker used a Unicode variation selector, a special character that is part of the Unicode specification but does not produce any visual output.”
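The concealment technique quoted above works because variation selectors occupy bytes in a file without producing any glyph, so a reviewer reading the file in an editor sees nothing. A defensive check for this is a scanner that walks extension source files and reports every such character with its position, grouping long runs (which is how a whole hidden payload would appear) into one alert per line. The scanner below is an added example written for this article, not code from Koi Security or the report; the sample source text is constructed, and the zero-width and BOM code points it also flags are a general hygiene check rather than something the report attributes to this campaign.

```python
import unicodedata

# Code points that render as nothing in most editors yet survive in source.
# Variation selectors (U+FE00-FE0F, U+E0100-E01EF) are the family named in
# the report; the zero-width and BOM entries are an added general check
# (an assumption of this example, not attributed to GlassWorm).
INVISIBLE_RANGES = [
    (0xFE00, 0xFE0F, "variation selector"),
    (0xE0100, 0xE01EF, "variation selector supplement"),
    (0x200B, 0x200F, "zero-width / directional mark"),
    (0x2060, 0x2064, "word joiner / invisible operator"),
    (0xFEFF, 0xFEFF, "zero-width no-break space (BOM)"),
    (0x00AD, 0x00AD, "soft hyphen"),
]


def classify(cp):
    """Return a label if code point cp is invisible, else None."""
    for lo, hi, label in INVISIBLE_RANGES:
        if lo <= cp <= hi:
            return label
    # Catch-all for Unicode format characters (category Cf) not listed above.
    # Note: variation selectors are category Mn, which is why they need the
    # explicit table rather than this fallback.
    if unicodedata.category(chr(cp)) == "Cf":
        return "other format character (Cf)"
    return None


def scan_source(text):
    """Return (line, column, code point, label) for every invisible character,
    1-indexed like editor diagnostics."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            label = classify(ord(ch))
            if label:
                findings.append((lineno, col, f"U+{ord(ch):04X}", label))
    return findings


def summarize(findings):
    """Collapse findings per line into (count, first column, last column) so a
    run of hundreds of hidden characters shows up as a single alert."""
    per_line = {}
    for lineno, col, _cp, _label in findings:
        per_line.setdefault(lineno, []).append(col)
    return {ln: (len(cols), min(cols), max(cols)) for ln, cols in per_line.items()}


# Constructed sample: an innocuous-looking extension entry point with a run of
# 40 variation selectors appended to line 2, invisible in an editor.
SAMPLE = (
    "const activate = (ctx) => {\n"
    + "  console.log('hello');" + "\uFE01" * 40 + "\n"
    + "};\n"
)


def scan_file(path):
    """Scan a file on disk (e.g. an extension's extension.js) and return the
    per-line summary; empty dict means nothing hidden was found."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return summarize(scan_source(fh.read()))


if __name__ == "__main__":
    for ln, (count, first, last) in summarize(scan_source(SAMPLE)).items():
        print(f"line {ln}: {count} invisible chars at columns {first}-{last}")
```

Run it over the unpacked contents of an installed extension (on Linux/macOS these live under ~/.vscode/extensions, a path assumed here from the default install location) and treat any non-empty summary as a file that needs a hex-level look rather than a glance in the editor.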
The ultimate goal of the attack is to collect npm, Open VSX, GitHub, and Git credentials, exfiltrate funds from 49 different cryptocurrency wallet extensions, deploy a SOCKS proxy server to turn developer machines into a conduit for criminal activity, install a hidden VNC (HVNC) server for remote access, and weaponize the stolen credentials to compromise additional packages and extensions for further proliferation.

The names of infected extensions are listed below. Thirteen of them are on Open VSX and one is on the Microsoft Extension Marketplace. These extensions have been downloaded approximately 35,800 times. The first wave of infections occurred on October 17, 2025. It is currently unknown how these extensions were hijacked.
- codejoy.codejoy-vscode-extension 1.8.3 and 1.8.4
- l-igh-t.vscode-theme-seti-folder 1.2.3
- kleinesfilmroellchen.serenity-dsl-syntaxhighlight 0.3.2
- JScearcy.rust-doc-viewer 4.2.1
- SIRILMP.dark-theme-sm 3.11.4
- CodeInKlingon.git-worktree-menu 1.0.9 and 1.0.91
- ginfuru.better-nunjucks 0.3.2
- ellacrity.recoil 0.7.4
- grrrck.positron-plus-1-e 0.0.71
- jeronimoekerdt.color-picker-universal 2.8.91
- srcery-colors.srcery-colors 0.3.9
- sissel.shopify-liquid 4.0.1
- TretinV3.forts-api-extention 0.3.1
- cline-ai-main.cline-ai-agent 3.1.3 (Microsoft Extension Marketplace)
The malicious code hidden within the extensions searches the Solana blockchain for transactions associated with attacker-controlled wallets and, if found, extracts a Base64-encoded string from the memo field and decodes it to obtain the C2 server address (217.69.3[.]218 or 199.247.10[.]166), from which the next-stage payload is retrieved.
The payload is an information stealer that captures credentials, authentication tokens, and cryptocurrency wallet data. It also accesses Google Calendar events, parses another Base64-encoded string from them, and connects to the same server to retrieve a payload codenamed Zombi. Stolen data is exfiltrated to a remote endpoint (140.82.52[.]31:80) controlled by the threat actors.

The Zombi module, written in JavaScript, essentially turns a GlassWorm infection into a full-fledged compromise by dropping a SOCKS proxy, a WebRTC module for peer-to-peer communication, BitTorrent’s Distributed Hash Table (DHT) for distributed command distribution, and HVNC for remote control.
The problem is further complicated by the fact that VS Code extensions are configured to auto-update, allowing threat actors to push malicious code automatically without requiring user interaction.
“This is not a one-off supply chain attack,” Dardikman said. “This is a worm designed to spread like wildfire throughout the developer ecosystem.”
“Attackers have found ways to make supply chain malware autonomous. They no longer just compromise individual packages, they are building worms that can autonomously spread throughout the software development ecosystem.”
The development comes as the use of blockchain to stage malicious payloads is rapidly increasing due to its anonymity and flexibility, with even North Korean threat actors leveraging the technology to orchestrate espionage and financially motivated campaigns.
