Redazione RHC : 21 October 2025 22:39
Researchers at Koi Security have detected a supply chain attack targeting OpenVSX and the Visual Studio Code Marketplace. Criminal hackers are distributing self-replicating malware called GlassWorm, which had already been installed approximately 35,800 times when the campaign was discovered.
Experts have discovered at least eleven GlassWorm-infected extensions in OpenVSX and one in the Visual Studio Code Marketplace:
The malware hides its malicious code using invisible Unicode characters, so the injected code does not show up when the extension's source is viewed in an editor. GlassWorm also has worm-like functionality and spreads on its own: using credentials stolen from the victim, it infects other extensions the victim has publishing access to.
The attackers use the Solana blockchain to control their botnet, with Google Calendar as a backup communication channel.
Once installed, the malware attempts to steal GitHub, npm, and OpenVSX account credentials, as well as data from 49 different cryptocurrency wallet extensions. GlassWorm also implements a SOCKS proxy to route malicious traffic through the victim's computer and installs a hidden VNC (HVNC) component for stealthy remote access.
The worm's code includes a Solana wallet address; the transactions of that wallet carry base64-encoded links to the payloads for the next stage of the attack. Using a blockchain to host payload pointers is gaining popularity among criminals because of its operational advantages: the pointer cannot be taken down or blocked, the attacker stays anonymous, transactions are cheap, and the target URL can be changed at any time by posting a new transaction.
According to researchers, the final payload of this attack is called ZOMBI and consists of “highly obfuscated JavaScript code” that turns infected systems into members of a botnet. The fallback payload download method works via Google Calendar event names, which contain a base64-encoded URL. The third distribution method uses a direct connection to an attacker-controlled IP address (217.69.3[.]218).
To make its infrastructure harder to map and take down, the malware also distributes commands in a decentralized way over BitTorrent's Distributed Hash Table (DHT).
“This situation is particularly serious because VS Code extensions update automatically. When CodeJoy released version 1.8.3 with invisible malware, all users with CodeJoy installed were automatically infected. No user interaction. No warnings. A silent, automatic infection,” the researchers note.
At the time Koi Security published its report, at least four compromised extensions were still available for download on OpenVSX; Microsoft removed the malicious extension from its marketplace after being alerted by the researchers. The developers of vscode-theme-seti-folder and git-worktree-menu are also reported to have updated their extensions and removed the malicious code.
It’s worth noting that last month, a similar attack by the Shai-Hulud worm hit the npm ecosystem, compromising 187 packages. The malware used the TruffleHog scanner to find secrets, passwords, and keys.
Koi Security calls GlassWorm “one of the most sophisticated supply chain attacks” and the first documented case of a worm attacking VS Code extensions. Experts warn that GlassWorm's command and control servers and payload servers are still active and that the campaign could continue.