A new chapter in supply chain attacks is unfolding as “GlassWorm,” the world’s first worm targeting VS Code extensions on the OpenVSX marketplace, actively spreads through developer ecosystems.
Unlike previous incidents, GlassWorm combines invisibility, decentralized command and control, and sophisticated credential theft, putting tens of thousands of developers and potentially millions of users at risk.
Invisible Code: The Stealth Technique Shattering Security Models
GlassWorm’s infection cycle began with the compromise of OpenVSX extensions, first detected when the widely used CodeJoy productivity tool introduced a hidden payload in version 1.8.3.
What makes this campaign extraordinary is its innovative use of Unicode variation selectors special characters that render as blank space in code editors and diffs.
This technique creates code that is literally invisible to both human reviewers and automated static analysis tools, yet executes malicious routines in the JavaScript interpreter without leaving visible traces.
Developers and security teams have traditionally relied on code review and marketplace vetting processes; GlassWorm proves that visual inspection is now fundamentally broken.
Once installed via a compromised extension, GlassWorm harvests sensitive credentials including NPM tokens, GitHub credentials, and OpenVSX access keys. But its appetite does not end there: it actively scans for 49 cryptocurrency wallet extensions, rapidly draining funds from infected machines.
The campaign further deploys SOCKS proxy servers and HVNC (Hidden Virtual Network Computing), quietly converting workstations into relay points for criminal infrastructure and providing attackers with full, invisible remote desktop access.
Decentralized C2: Blockchain, Google Calendar, and Persistent Propagation
GlassWorm’s command infrastructure is designed to be unkillable. Instead of relying on conventional command-and-control servers, it uses the Solana blockchain as its backbone.
Communication occurs through reading transaction memo fields associated with hardcoded crypto wallet addresses; these memos contain base64-encoded links to the next stage payloads.
Due to the immutable, censorship-resistant nature of blockchains, this infrastructure cannot be disabled or taken down. The malware can update payload locations inexpensively and dynamically by issuing new blockchain transactions.
As a redundant backup, GlassWorm also leverages Google Calendar events. By encoding payload URLs into event titles, the attacker ensures that legitimate, globally accessible C2 channels persist even if other infrastructure is blocked, completely bypassing conventional filtering methods.
The final payload decrypted using per-request keys delivered in custom HTTP headers launches a full remote access trojan capable of SOCKS proxying, peer-to-peer communication via WebRTC, and command distribution over the BitTorrent DHT network.
The result is an automated, self-sustaining worm. GlassWorm uses the credentials it steals to compromise additional accounts, spread to more extensions, and maintain a persistent foothold across developer ecosystems.
With 35,800 detected installations and five extensions still actively distributing malware, the campaign exemplifies the exponential risk posed by modern supply chain worms.
IOCs
Compromised Extensions
OpenVSX Extensions (with malicious versions):
Find this Story Interesting! Follow us on Google News , LinkedIn and X to Get More Instant Updates
