GlassWorm Resurfaces With 24 Malicious Extensions Masquerading as Popular Developer Tools

The notorious supply chain threat, GlassWorm, has resurfaced, targeting developers by infiltrating both the Microsoft Visual Studio Marketplace and Open VSX with 24 malicious extensions. These extensions impersonate widely-used developer frameworks and tools, including Flutter, React, Tailwind, Vim, and Vue.

Originally documented in October 2025, GlassWorm uses the Solana blockchain to manage its command-and-control operations, harvests npm, Open VSX, and GitHub credentials, drains cryptocurrency wallets, and converts developer machines into attacker-controlled nodes.

The campaign’s primary danger lies in its ability to exploit stolen credentials to compromise additional extensions, effectively spreading like a worm. Despite ongoing countermeasures by Microsoft and Open VSX, the malware resurfaced last month, with attackers also observed targeting GitHub repositories.

Secure Annex researcher John Tuckner reported that the latest wave consists of 24 extensions across both marketplaces. The identified extensions include:

VS Code Marketplace:

  • iconkieftwo.icon-theme-materiall
  • prisma-inc.prisma-studio-assistance (removed as of December 1, 2025)
  • prettier-vsc.vsce-prettier
  • flutcode.flutter-extension
  • csvmech.csvrainbow
  • codevsce.codelddb-vscode
  • saoudrizvsce.claude-devsce
  • clangdcode.clangd-vsce
  • cweijamysq.sync-settings-vscode
  • bphpburnsus.iconesvscode
  • klustfix.kluster-code-verify
  • vims-vsce.vscode-vim
  • yamlcode.yaml-vscode-extension
  • solblanco.svetle-vsce
  • vsceue.volar-vscode
  • redmat.vscode-quarkus-pro
  • msjsdreact.react-native-vsce

Open VSX:

  • bphpburn.icons-vscode
  • tailwind-nuxt.tailwindcss-for-react
  • flutcode.flutter-extension
  • yamlcode.yaml-vscode-extension
  • saoudrizvsce.claude-dev
  • saoudrizvsce.claude-devsce
  • vitalik.solidity

Attackers artificially inflate download counts to appear credible and strategically place these extensions near genuine projects, deceiving developers into installing them.

“Once an extension passes initial approval, attackers can easily push malicious updates while bypassing filters,” Tuckner explained. “Malicious code is often injected immediately after the extension activation sequence begins.”

The latest version introduces Rust-based implants within the extensions. Analysis of the “icon-theme-materiall” extension by Nextron Systems revealed:

  • A Windows DLL named os.node
  • A macOS dynamic library named darwin.node

These implants fetch C2 server details from a Solana blockchain wallet to download the next-stage payload, an encrypted JavaScript file. As a backup, attackers can also extract the C2 address from Google Calendar events.
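As a defender-side check added here (not code from the article, Secure Annex or Nextron), the script below scans a local VS Code or VSCodium extensions directory for the listed extension IDs and for native modules carrying the reported implant names os.node and darwin.node; the "publisher.name-version" directory naming it relies on is an assumption about the on-disk layout.

```python
import re
from pathlib import Path

# Extension IDs (publisher.name) from the article; three appear on both marketplaces.
MALICIOUS_IDS = set("""
iconkieftwo.icon-theme-materiall prisma-inc.prisma-studio-assistance
prettier-vsc.vsce-prettier flutcode.flutter-extension csvmech.csvrainbow
codevsce.codelddb-vscode saoudrizvsce.claude-devsce clangdcode.clangd-vsce
cweijamysq.sync-settings-vscode bphpburnsus.iconesvscode klustfix.kluster-code-verify
vims-vsce.vscode-vim yamlcode.yaml-vscode-extension solblanco.svetle-vsce
vsceue.volar-vscode redmat.vscode-quarkus-pro msjsdreact.react-native-vsce
bphpburn.icons-vscode tailwind-nuxt.tailwindcss-for-react saoudrizvsce.claude-dev
vitalik.solidity
""".split())
# Native-module names Nextron attributed to the Rust implant in icon-theme-materiall.
IMPLANT_FILES = {"os.node", "darwin.node"}
# Assumed on-disk layout: one "<publisher>.<name>-<version>[-<target>]" directory per
# extension. Names may contain hyphens, so the version is anchored on leading digits.
_DIR_RE = re.compile(r"^(?P<id>[\w-]+\.[\w-]+?)-(?P<version>\d+\.\d+\.\d+\S*)$")

def parse_extension_dir(dirname: str):
    """Return (extension_id, version) for an extension directory name, else None."""
    m = _DIR_RE.match(dirname)
    return (m["id"].lower(), m["version"]) if m else None

def scan_extensions_dir(root: Path) -> list:
    """Flag directories whose ID is listed or that ship an implant-named native module."""
    findings = []
    for entry in sorted(root.iterdir()):
        if not entry.is_dir():
            continue
        parsed = parse_extension_dir(entry.name)
        ext_id = parsed[0] if parsed else entry.name.lower()
        if ext_id in MALICIOUS_IDS:
            findings.append((entry.name, "listed GlassWorm extension ID"))
        # Second signal, independent of the ID: a .node module with a reported implant
        # name anywhere in the tree, which also catches republished copies under new IDs.
        hits = sorted({p.name for p in entry.rglob("*.node") if p.name in IMPLANT_FILES})
        if hits:
            findings.append((entry.name, "implant-named native module: " + ", ".join(hits)))
    return findings

if __name__ == "__main__":
    # VS Code and Open VSX clients such as VSCodium use different default directories.
    for d in (Path.home() / ".vscode/extensions", Path.home() / ".vscode-oss/extensions"):
        if d.is_dir():
            for name, reason in scan_extensions_dir(d):
                print(f"{d / name}: {reason}")
```

A hit on the ID list is a confirmed match against the published names; a hit on the native-module name alone is a lead to triage, since the file names could be reused by unrelated packages.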

Tuckner emphasized the rarity and severity of this campaign: “Publishing 20+ malicious extensions across major marketplaces in a single week is extremely uncommon. Developers are just one click away from compromise.”
