Cybersecurity researchers have uncovered a significant escalation in the GlassWorm malware campaign, which now leverages Open VSX extensions to compromise developer environments. Rather than shipping the payload in every package, the campaign abuses the dependency relationships between extensions so that a benign-looking extension becomes the delivery vehicle for a malicious one, targeting developers across multiple platforms.
How GlassWorm Works
Instead of embedding malicious code directly in every extension, the threat actor now uses the extensionPack and extensionDependencies fields of an extension's package.json manifest. The editor installs everything listed in those fields automatically when the parent extension is installed, so the malicious extension only has to be pulled in as a dependency once the user has already trusted the parent. This allows:
- Benign-appearing VS Code extensions to become transitive malware carriers, with nothing suspicious in their own code
- Stealthy exfiltration of tokens, credentials, and secrets from the developer's machine
- Dynamic updates via Remote Dynamic Dependencies (RDD), dependencies fetched from locations outside the registry, so the payload can change without a new version being published
The campaign also leverages Solana blockchain transactions to fetch command-and-control (C2) server information and employs Unicode obfuscation to hide malicious payloads in source files.
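Two of the mechanisms above can be checked for locally. The following is an added example, not code from the original article or from any of the vendors it cites: it walks a set of constructed extension manifests through extensionPack and extensionDependencies to show what a single install really pulls in, flags any extension whose publisher is not on an allowlist, and scans source text for the invisible Unicode code points that this kind of obfuscation hides payloads in. The extension ids and manifests are hypothetical, the set of "invisible" ranges is an assumption about which characters matter, and the byte decoder implements the common variation-selector scheme (U+FE00-U+FE0F for 0-15, U+E0100-U+E01EF for 16-255); whether the campaign's payloads use exactly that mapping is an assumption.

```javascript
// Added example: transitive extension-install walker plus invisible-Unicode scanner.
// Nothing here is the campaign's own code; manifests and ids are constructed.

// Constructed registry snapshot keyed by "publisher.name". The ids are invented.
const MANIFESTS = {
  "acme.nice-formatter": {
    name: "nice-formatter", publisher: "acme",
    // installing this extension silently installs everything listed here
    extensionPack: ["acme.format-helpers"],
  },
  "acme.format-helpers": {
    name: "format-helpers", publisher: "acme",
    extensionDependencies: ["evil.payload-ext"],
  },
  "evil.payload-ext": { name: "payload-ext", publisher: "evil" },
};

// Breadth-first walk over extensionPack and extensionDependencies.
// Returns every extension id installed along with rootId (root excluded),
// in discovery order. Ids missing from the snapshot are still reported so a
// reviewer can look them up in the registry.
function transitiveInstalls(manifests, rootId) {
  const seen = new Set([rootId]);
  const queue = [rootId];
  const order = [];
  while (queue.length) {
    const m = manifests[queue.shift()];
    if (!m) continue;
    const deps = [...(m.extensionPack || []), ...(m.extensionDependencies || [])];
    for (const dep of deps) {
      if (seen.has(dep)) continue;
      seen.add(dep);
      order.push(dep);
      queue.push(dep);
    }
  }
  return order;
}

// Ids in the install chain whose publisher is not in the trusted set.
function foreignPublishers(manifests, rootId, trustedPublishers) {
  return transitiveInstalls(manifests, rootId)
    .filter((id) => !trustedPublishers.has(id.split(".")[0]));
}

// Code points that render as nothing in an editor. Assumed ranges: zero-width
// characters, BOM, variation selectors, and Unicode tag characters.
function isInvisible(cp) {
  return (cp >= 0x200b && cp <= 0x200f) || (cp >= 0x2060 && cp <= 0x2064) ||
    cp === 0xfeff || (cp >= 0xfe00 && cp <= 0xfe0f) ||
    (cp >= 0xe0100 && cp <= 0xe01ef) || (cp >= 0xe0000 && cp <= 0xe007f);
}

// One record per line that carries invisible code points: a "blank" line with
// a large invisible count is the signal to chase.
function scanInvisible(source) {
  const hits = [];
  source.split("\n").forEach((line, i) => {
    let invisible = 0;
    for (const ch of line) if (isInvisible(ch.codePointAt(0))) invisible++;
    if (invisible) {
      hits.push({ line: i + 1, invisible, visibleLength: [...line].length - invisible });
    }
  });
  return hits;
}

// Variation-selector byte scheme (an assumption about the encoding in use):
// U+FE00..U+FE0F carry 0..15, U+E0100..U+E01EF carry 16..255.
function encodeVariationSelectors(text) {
  return [...Buffer.from(text, "utf8")]
    .map((b) => String.fromCodePoint(b < 16 ? 0xfe00 + b : 0xe0100 + b - 16))
    .join("");
}

function decodeVariationSelectors(text) {
  const bytes = [];
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    if (cp >= 0xfe00 && cp <= 0xfe0f) bytes.push(cp - 0xfe00);
    else if (cp >= 0xe0100 && cp <= 0xe01ef) bytes.push(cp - 0xe0100 + 16);
  }
  return Buffer.from(bytes).toString("utf8");
}

// Constructed sample: line 3 looks empty but hides the string "eval".
const SAMPLE_SOURCE = [
  "const x = 1;",
  "function f() { return x; }",
  encodeVariationSelectors("eval"),
  "module.exports = f;",
].join("\n");

console.log(foreignPublishers(MANIFESTS, "acme.nice-formatter", new Set(["acme"])));
console.log(scanInvisible(SAMPLE_SOURCE), JSON.stringify(decodeVariationSelectors(SAMPLE_SOURCE)));
```

Run against a real machine by loading each package.json under the editor's extensions directory into the manifests map and passing the installed ids as roots; anything foreignPublishers returns that the user never chose to install is worth a look, and any line scanInvisible reports with visibleLength 0 and a large invisible count should be decoded before the extension is allowed to run.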
Targeted Extensions and Platforms
At least 72 Open VSX extensions have been discovered since January 2026, imitating common developer tools such as linters, formatters, and AI-powered coding assistants like Claude Code and Google Antigravity. Examples include:
- angular-studio.ng-angular-extension
- crotoapp.vscode-xml-extension
- gvotcha.claude-code-extension
- mswincx.antigravity-cockpit
- tamokill12.foundry-pdf-extension
Aikido and Socket reported that 151 GitHub repositories were impacted between March 3–9, 2026. Additionally, two npm packages were found using the same Unicode technique:
- @aifabrix/miso-client
- @iflow-mcp/watercrawl-watercrawl-mcp
PhantomRaven Confusion
Endor Labs identified 88 new malicious npm packages published between November 2025 and February 2026. Although they were initially attributed to the PhantomRaven campaign, some of the packages were later claimed to be part of a research experiment; the evidence of excessive data collection and evasive publishing tactics cast doubt on that explanation.