A self-propagating worm has now been discovered targeting Visual Studio Code extensions in open marketplaces, following a similar incident in the NPM ecosystem last month. Researchers at Israel-based Koi Security have named the malware GlassWorm and warn that it has already infiltrated extensions in both the OpenVSX and Microsoft VS Code marketplaces. According to the team, this is one of the most sophisticated supply chain attacks they’ve analyzed—and it’s actively spreading.
When compromised extensions are installed, GlassWorm can harvest sensitive credentials from NPM, GitHub, and Git, drain cryptocurrency wallets, deploy SOCKS proxy servers, and install hidden VNC servers for remote access. Stolen credentials are also used to compromise additional packages and extensions, amplifying the reach of the attack. Last week, seven OpenVSX extensions were found to be infected, collectively downloaded over 35,000 times, while an infected extension was also detected in the VS Code marketplace over the weekend.
The malware evades detection using Unicode variation selectors, special characters that appear invisible during code review or to static analysis tools but are fully executable by JavaScript interpreters. This stealth technique allows GlassWorm to bypass traditional security mechanisms, making it particularly dangerous for developers who unwittingly integrate compromised extensions into their projects. Tanya Janca, head of SheHacksPurple, emphasizes that CISOs should treat this as an immediate security incident due to the high risk posed by VS Code extensions inheriting full application permissions.
To defend against GlassWorm, organizations are advised to conduct an inventory of VS Code usage, identify installed extensions, and check them against known affected lists. Developers should be educated to disable auto-updates, block access to untrusted marketplaces, and rotate credentials that may have been exposed. Standard incident response procedures—detect, contain, eradicate, and recover—should be followed to minimize impact and prevent further spread of the malware.