Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
Dark Reading
Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating malware.
Elizabeth Montalbano, Contributing Writer
April 28, 2026
5 Min Read
The ongoing GlassWorm campaign has deployed a fresh wave of malicious Visual Studio (VS) Code extensions, many of which seem initially benign but later deploy self-replicating malware that can poison the software supply chain.
Researchers from Socket discovered a new cluster of 73 so-called "sleeper" extensions beginning in April, linked to the self-propagating malware activity reported on the Open VSX marketplace last month. The latest wave shows that the campaign continues to scale and evolve, according to a recent report published by the Socket Research Team.
A sleeper extension or package is a threat-actor-controlled impostor that is published before it is weaponized, in order to build trust and generate downloads, and can later be updated to deliver malware. Earlier GlassWorm campaigns seeded sleeper extensions that remained dormant or fetched payloads later from external sources.
The latest wave of malicious extensions, however, includes a capability to automatically fetch and execute malicious payloads at a later date, demonstrating a new evasion and propagation tactic, according to the report.
"Some variants rely on external payload retrieval, others rely on bundled native binaries, including reused installer components seen in prior GlassWorm activity," according to the research team. However, the common pattern throughout GlassWorm's latest activity "is that the extension itself acts as a thin loader," according to the report.
"This is a tactical shift toward survivability and evasion: the malware is less tied to a single obvious malicious file in the extension source and more spread across updates, external payload hosting, obfuscation, native binaries, and cross-editor installation behavior," Philipp Burckhardt, head of threat intelligence at Socket, tells Dark Reading.
Supply Chain Threat Persists
GlassWorm is a family of self-propagating malware first documented by researchers at Koi Security in October 2025 as it spread across Open VSX, an open source alternative to Microsoft's Visual Studio Marketplace. Its name comes from a technique used in the original incarnation of the stealthy malware, which hid its code in printable Unicode characters that don't render in a code editor, effectively making the malicious code invisible.
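The article describes the technique only as hiding code in Unicode characters that don't render in an editor. As an added example (not tooling from Socket or Koi Security), the scanner below walks source text and reports every run of code points from classes that render as nothing in most editors; which classes to flag is this example's assumption, not an IoC list from the report. It skips a legitimate UTF-8 byte-order mark at the start of a file so that the most common benign occurrence does not produce a false positive.

```python
"""Scan source files for runs of Unicode code points that render as nothing.

Added example, not tooling from Socket or Koi Security. The code-point ranges
below are this example's assumption of which classes to flag, not an IoC list
taken from the GlassWorm report.
"""
import sys
from pathlib import Path

# Assumed classes of non-rendering code points (not taken from the report).
INVISIBLE_RANGES = (
    (0x200B, 0x200F),    # zero-width space/joiners, bidi marks
    (0x2060, 0x2064),    # word joiner, invisible operators
    (0xFE00, 0xFE0F),    # variation selectors
    (0xE0000, 0xE007F),  # tags block
    (0xE0100, 0xE01EF),  # variation selectors supplement
)
INVISIBLE_SINGLES = {0x00AD, 0xFEFF}  # soft hyphen, zero-width no-break space


def is_invisible(cp: int) -> bool:
    """True if the code point is in one of the assumed non-rendering classes."""
    if cp in INVISIBLE_SINGLES:
        return True
    return any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES)


def scan_text(text: str) -> list[dict]:
    """Return one finding per run of invisible code points.

    A UTF-8 BOM at the very start of the file is legitimate and skipped;
    everything else is reported with its 1-based line and column, the run
    length and the first code point of the run.
    """
    if text.startswith("\ufeff"):
        text = text[1:]
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        col, n = 0, len(line)
        while col < n:
            if not is_invisible(ord(line[col])):
                col += 1
                continue
            start = col
            while col < n and is_invisible(ord(line[col])):
                col += 1
            findings.append({
                "line": line_no,
                "col": start + 1,
                "length": col - start,
                "first": f"U+{ord(line[start]):04X}",
            })
    return findings


def scan_file(path: str) -> list[dict]:
    """Scan one file; surrogateescape keeps odd bytes from aborting the scan."""
    text = Path(path).read_text(encoding="utf-8", errors="surrogateescape")
    return [dict(f, path=path) for f in scan_text(text)]


# Constructed sample: a benign line, then a line whose string literal carries a
# three-character run of variation selectors that an editor would not show.
SAMPLE = "const a = 1;\nconst b = 'x\ufe00\ufe01\ufe02';\n"


def demo() -> list[dict]:
    """Scan the constructed sample; returns one finding on line 2."""
    return scan_text(SAMPLE)


if __name__ == "__main__":
    paths = sys.argv[1:]
    results = demo() if not paths else [f for p in paths for f in scan_file(p)]
    for finding in results:
        print(finding)
```

Run it with one or more file paths to scan an extension's unpacked sources; with no arguments it scans the constructed sample. Long runs are the interesting signal: a single zero-width joiner can occur legitimately in text, while a run of hundreds of variation selectors inside a string literal is worth a closer look.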
GlassWorm's goal is to infect software developers with infostealers to obtain a target organization's secrets and credentials, which an attacker can then further weaponize to publish poisoned versions of projects maintained by that victim. This creates a downstream effect on the supply chain and allows the malware to self-replicate; when a victim downloads that poisoned package, they inadvertently facilitate its propagation.
"The risk is full compromise of a developer workstation," Burckhardt says. "These extensions run inside developer environments that often have access to source code, credentials, API keys, SSH keys, cloud tokens, package publishing credentials, and internal systems."
At least six of the extensions already have been activated with malware, while the others are sleepers or appear potentially suspicious, according to the report. The number of GlassWorm extensions also remains in flux, because it's unclear how many may activate to become malicious. However, they follow a pattern consistent with other GlassWorm infections in that they "are first published without an obvious payload, then later updated to deliver malware through the normal extension update path," the team wrote.
The extensions also demonstrate an "impersonation pattern" to mimic legitimate extensions on Open VSX to trick developers into installing malicious ones. In fact, attackers are cloning legitimate listings almost exactly — replicating names, icons, descriptions, and even README content — while only changing subtle details like the publisher name and unique identifier.
In one example, a fake Turkish language package closely mimics the official version, making the differences easy to miss during routine browsing, according to the Socket team. "The difference is subtle enough that a developer browsing quickly could miss it," according to the report. "This is the core social engineering pattern behind the latest GlassWorm cluster: cloned listings create enough visual trust to attract installs before any malware is introduced."
Increased Evasion Demands a Response
The latest dump of GlassWorm extensions doesn't show technical innovation, Idan Dardikman, chief technology officer (CTO) and co-founder at Koi Security, tells Dark Reading. However, it does show a maturing threat actor "running the same playbook at larger scale and with all tools deployed at once," he says, which means the GlassWorm threat continues to persist.
As campaigns like this expand, it becomes harder than ever for developers to distinguish legitimate packages and extensions from malicious ones, perpetuating the existing risk to the software supply chain. Socket therefore urges caution for organizations whose developers pull code from public sites that host various software projects.
Specifically, before downloading any code that will be deployed in a production environment, developers should examine factors such as download counts and try to verify that the package or extension comes from a legitimate user by reviewing extension publisher identity, age, download patterns, and naming similarity before approving its use, Burckhardt says. They can also audit installed extensions for recent updates, especially newly published or low-reputation Open VSX extensions, to protect their environments from bad code.
"The important thing to remember when it comes to extension security is that a clean initial version is no longer enough to establish trust," Burckhardt says. "Organizations need continuous monitoring of extension updates and transitive installation behavior, because these campaigns are increasingly designed to become malicious only after publication."
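The two defensive checks above, publisher identity and naming similarity against a known-good listing (the cloned-listing pattern described earlier) and a review of recently updated extensions, can be automated over a local install. The following is an added example and not Socket's tooling; it assumes extensions are installed one folder per extension with a package.json manifest (the layout of VS Code's ~/.vscode/extensions directory) and that the organization keeps an allowlist of approved "publisher.name" identifiers. All manifests and names in it are constructed placeholders, not real listings.

```python
"""Audit installed VS Code extensions for cloned listings and recent updates.

Added example, not Socket's tooling. Assumes one folder per extension with a
package.json manifest and an allowlist of approved "publisher.name" ids.
"""
import json
import os
import tempfile
import time
from dataclasses import dataclass
from pathlib import Path


@dataclass
class Extension:
    publisher: str
    name: str
    display_name: str
    version: str
    updated: float  # epoch seconds of the manifest's last modification

    @property
    def identifier(self) -> str:
        return f"{self.publisher}.{self.name}".lower()


def load_installed(extensions_dir: str) -> list[Extension]:
    """Read every <dir>/*/package.json and return the installed extensions."""
    found = []
    for manifest in sorted(Path(extensions_dir).glob("*/package.json")):
        data = json.loads(manifest.read_text(encoding="utf-8"))
        found.append(Extension(
            publisher=str(data.get("publisher", "")),
            name=str(data.get("name", "")),
            display_name=str(data.get("displayName", data.get("name", ""))),
            version=str(data.get("version", "")),
            updated=manifest.stat().st_mtime))
    return found


def _norm(s: str) -> str:
    # Compare names loosely: case, spaces and punctuation are easy to vary.
    return "".join(ch for ch in s.lower() if ch.isalnum())


def find_lookalikes(installed, approved):
    """Flag extensions that reuse an approved name or display name under a
    different publisher. Returns (extension, [approved publishers]) pairs."""
    approved_ids = {a.lower() for a in approved}
    publishers_by_name: dict[str, set[str]] = {}
    for ident in approved_ids:
        pub, _, name = ident.partition(".")
        publishers_by_name.setdefault(_norm(name), set()).add(pub)
    flagged = []
    for ext in installed:
        if ext.identifier in approved_ids:
            continue
        for key in {_norm(ext.name), _norm(ext.display_name)}:
            pubs = publishers_by_name.get(key)
            if pubs and ext.publisher.lower() not in pubs:
                flagged.append((ext, sorted(pubs)))
                break
    return flagged


def find_recent_updates(installed, now: float, window_days: int = 7):
    """Extensions whose manifest changed within the window: the normal update
    path a sleeper extension uses to turn malicious after publication."""
    cutoff = now - window_days * 86400
    return [ext for ext in installed if ext.updated >= cutoff]


def audit(installed, approved, now: float, window_days: int = 7) -> dict:
    return {
        "lookalikes": sorted((e.identifier, p) for e, p in find_lookalikes(installed, approved)),
        "recent_updates": sorted(e.identifier for e in find_recent_updates(installed, now, window_days)),
    }


# Constructed manifests: an approved extension, a clone under another
# publisher, and an unrelated one. Placeholder names, not real listings.
SAMPLE_MANIFESTS = {
    "example-publisher.turkish-language-pack-1.0.0": {"publisher": "example-publisher",
        "name": "turkish-language-pack", "displayName": "Turkish Language Pack", "version": "1.0.0"},
    "other-publisher.turkish-language-pack-1.0.1": {"publisher": "other-publisher",
        "name": "turkish-language-pack", "displayName": "Turkish Language Pack", "version": "1.0.1"},
    "some-publisher.unrelated-tool-0.1.0": {"publisher": "some-publisher",
        "name": "unrelated-tool", "displayName": "Unrelated Tool", "version": "0.1.0"},
}
APPROVED = ["example-publisher.turkish-language-pack"]


def demo() -> dict:
    """Write the constructed manifests to a temp dir, age them 30 days, mark
    the clone as updated an hour ago, then audit with a 7-day window."""
    now = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        for folder, manifest in SAMPLE_MANIFESTS.items():
            path = Path(tmp) / folder / "package.json"
            path.parent.mkdir()
            path.write_text(json.dumps(manifest), encoding="utf-8")
            os.utime(path, (now - 30 * 86400, now - 30 * 86400))
        clone = Path(tmp) / "other-publisher.turkish-language-pack-1.0.1" / "package.json"
        os.utime(clone, (now - 3600, now - 3600))
        return audit(load_installed(tmp), APPROVED, now)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Pointing `load_installed` at a real extensions directory and `audit` at the organization's allowlist turns this into a scheduled check; the manifest modification time is only a proxy for "recently updated", so an entry in `recent_updates` is a prompt to review the extension's changelog and new files, not a verdict.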
To help developers recognize malicious extensions related to GlassWorm, the Socket team included a list of indicators of compromise (IoCs) in their report that features the confirmed malware-activated extensions as well as sleeper extensions. The researchers also included IoCs related to native installer binaries and various payloads, including a downloaded VSX payload and links to GitHub payload hosting sites.
This story was updated at 12:25 p.m. on April 28 to reflect comments from Socket.
About the Author
Elizabeth Montalbano
Contributing Writer
Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.