A newly discovered worm named GlassWorm is spreading through Visual Studio Code extensions, marking one of the most sophisticated supply-chain attacks ever seen against developer ecosystems.

The malware, uncovered by researchers at Koi Security, infiltrated both the open-source OpenVSX Registry and Microsoft’s official VS Code Marketplace, infecting thousands of users worldwide.
The attack was first detected on October 17, 2025, when seven malicious extensions appeared on OpenVSX, followed shortly by one infected extension on Microsoft’s Marketplace. In total, the compromised extensions had been downloaded over 35,000 times.
According to researchers at Veracode, GlassWorm hides its code using invisible Unicode variation selectors, allowing it to evade static analysis and human review. Once installed, it steals credentials, deploys hidden remote-access tools, and uses compromised accounts to publish more infected extensions, turning the VS Code ecosystem into a self-propagating network.
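One way a defender could check extension source for this hiding technique, shown as an added example that is not code from the article or from the researchers it cites: it flags runs of consecutive variation selectors (U+FE00 to U+FE0F and U+E0100 to U+E01EF). The function name, the two-selector threshold and the sample input are assumptions; ordinary emoji and CJK variation sequences use a single selector after a visible base character.

```javascript
// Added example: flag runs of invisible Unicode variation selectors in source text.
// Ranges per the Unicode standard: VS1-VS16 (U+FE00..U+FE0F), VS17-VS256 (U+E0100..U+E01EF).
const VS_RUN = /[\uFE00-\uFE0F\u{E0100}-\u{E01EF}]+/gu;

// Assumption: a legitimate variation sequence carries one selector after a base
// character, so any run of minRun or more consecutive selectors is reported.
function findSelectorRuns(text, minRun = 2) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, idx) => {
    for (const m of line.matchAll(VS_RUN)) {
      const count = [...m[0]].length; // code points, not UTF-16 units
      if (count >= minRun) {
        findings.push({
          line: idx + 1,
          column: m.index + 1, // 1-based UTF-16 column, as most editors show it
          count,
          first: 'U+' + m[0].codePointAt(0).toString(16).toUpperCase(),
        });
      }
    }
  });
  return findings;
}

// Constructed sample: a benign emoji sequence on line 1 and a string literal
// holding 40 invisible selectors on line 2 (built with fromCodePoint so the
// hidden content is visible in this listing).
const hidden = Array.from({ length: 40 }, (_, i) =>
  String.fromCodePoint(0xE0100 + i)).join('');
const SAMPLE = [
  'const ok = "done \u2714\uFE0F";',
  'const cfg = "' + hidden + '";',
  'module.exports = { ok, cfg };',
].join('\n');

for (const f of findSelectorRuns(SAMPLE)) {
  console.log(`line ${f.line}, col ${f.column}: ${f.count} selectors starting at ${f.first}`);
}
```

To scan a real extension, pass each file's contents decoded as UTF-8 to `findSelectorRuns` and review every reported location in a hex view, since the flagged characters do not render in an editor or diff.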
What makes GlassWorm particularly dangerous is its use of blockchain-based command-and-control infrastructure. The malware reads instructions embedded within Solana blockchain transactions, making takedown efforts nearly impossible.
A fallback mechanism uses a disguised Google Calendar event to deliver additional payloads. Analysts at CSO Online note that this hybrid C2 model represents “a new frontier in decentralised malware design.”
Once active, GlassWorm drains cryptocurrency wallets linked to popular developer extensions, deploys proxy servers that turn infected systems into relay nodes for criminal activity, and installs hidden VNC instances for remote control. SecurityWeek reports that the campaign’s goal appears to be both financial gain and the creation of a resilient infrastructure of compromised developer environments.
The incident highlights an urgent vulnerability in the software-development supply chain. Developer tools like VS Code hold privileged access to source code, credentials and CI/CD systems—making them ideal entry points for large-scale compromise. Experts warn that GlassWorm demonstrates a paradigm shift in cybercrime: from isolated package attacks to autonomous, self-spreading threats that exploit the trust built into open-source and enterprise developer workflows.