GlassWorm Malware Evolves to Hide in Dependencies
Researchers have identified dozens of malicious GlassWorm extensions that come with new evasion techniques.
Alexander Culafi, Senior News Writer, Dark Reading
March 16, 2026
The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research.
GlassWorm is a family of malware that first emerged last year with the goal of infecting software developers with infostealers, which attackers would use for downstream attacks. A developer would download a component poisoned by GlassWorm, the malware would steal secrets and credentials, and then the attacker would abuse this access to publish poisoned versions of projects maintained by that victim. A downstream victim would download that poisoned package and continue the spread of the malware.
GlassWorm will also impersonate well-known software packages in an effort to trick developers and end users into installing a malicious application.
GlassWorm primarily targets extensions on Open VSX — an open source alternative to Microsoft's Visual Studio Marketplace. It's not just Microsoft and Open VSX credentials being targeted; GlassWorm has historically stolen NPM, GitHub, and Git credentials, as well as cryptocurrency wallets, macOS system data, Web browser data, keychain databases, Apple Notes databases, Safari cookies, VPN configurations, and more.
GlassWorm also sits in the lineage of the Shai-hulud self-replicating malware targeting the NPM ecosystem (as well as its successors), though GlassWorm is technically not self-replicating in the same sense. Since the summer, threat actors have aggressively targeted the open source development community with these worms and show no signs of slowing down.
Software development security vendor Socket on March 13 published research concerning 72 malicious Open VSX extensions linked to the GlassWorm malware campaign. While GlassWorm is already considered a stealthy malware, recent infections suggest even further evolution.
GlassWorm Now Uses Transitive Dependencies
Much of the evasion trickery seen in recent GlassWorm iterations remains, Socket's research team said. That includes staged JavaScript-based loaders, geofencing to avoid Russian victims, use of Solana blockchain transaction memos to reach a command-and-control server at one remove from the poisoned software packages, and in-memory follow-on code execution. The difference, Socket's blog read, is that "they now rotate infrastructure and loader logic more aggressively."
But the most important shift is GlassWorm's move to transitive loader delivery, where malicious listings use the extension manifest fields "extensionPack" and "extensionDependencies." In short, a poisoned package may now initially look safe because it doesn't include the loader directly in its files; rather, it declares a relationship to another extension that connects to GlassWorm's infostealing capabilities, adding yet another layer of removal. Socket called this an evolution of the malware as well as a "significant escalation in how it spreads through Open VSX."
"In practice, this means a user can install an extension that appears non-malicious on its own, while still receiving GlassWorm through its declared extension relationship. This lowers the visibility of the malicious component, broadens the threat actor’s reach, and complicates both manual review and registry-side triage," Socket's research team wrote.
This latest wave of packages primarily impersonates widely used developer extensions. GlassWorm threat actors will attempt to trick users into downloading extensions by inflating download counts into the thousands in order to convey trustworthiness and popularity. A list of malicious extensions Socket has identified is available in the blog post.
An Outlook for GlassWorm and Similar Malware
While Open VSX has removed most transitive malicious extensions, Socket said at the time of writing that some examples were still up, suggesting work was ongoing. In an email, Philipp Burckhardt, technical lead for threat research at Socket, tells Dark Reading that it has identified more than 20 additional Open VSX extensions linked to this GlassWorm campaign. The team expects that number to grow.
Burckhardt says organizations should take this and similar campaigns seriously because "developer tooling ecosystems have become an effective distribution channel for malware," in part because of the valuable data and credentials present on developer machines.
The vendor recommends that organizations audit extensions for version-to-version changes involving extensionPack and extensionDependencies; review install and update chains; and hunt for common GlassWorm indicators including staged loaders, Russian gating, and Solana memo lookups.
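The version-to-version audit recommended above, sketched as an added example (not code from Socket or Dark Reading): it diffs the extensionPack and extensionDependencies entries of two versions of a manifest and walks what each newly added entry installs transitively. The manifests, the extension ids and the reviewed allowlist are constructed for illustration.

```javascript
const FIELDS = ["extensionPack", "extensionDependencies"];

// Map of id -> declaring field for every relationship in a manifest.
function relations(manifest) {
  const out = new Map();
  for (const field of FIELDS) {
    const ids = Array.isArray(manifest?.[field]) ? manifest[field] : [];
    // Lower-case ids so a change of letter case is not reported as a new entry.
    for (const id of ids) out.set(String(id).toLowerCase(), field);
  }
  return out;
}

// Relationships declared by the new version but absent from the old one.
function addedRelations(oldManifest, newManifest) {
  const before = relations(oldManifest);
  return [...relations(newManifest)]
    .filter(([id]) => !before.has(id))
    .map(([id, field]) => ({ id, field }));
}

// Everything installed via startId; registry maps lower-cased id -> manifest, unknown ids are kept.
function transitiveInstalls(startId, registry) {
  const seen = new Set();
  const stack = [startId.toLowerCase()];
  while (stack.length > 0) {
    const id = stack.pop();
    if (seen.has(id)) continue; // already visited (cycle or shared dependency)
    seen.add(id);
    for (const next of relations(registry[id]).keys()) stack.push(next);
  }
  return [...seen].sort();
}

// One finding per added relationship, listing the ids it pulls in that nobody reviewed.
function auditUpdate(oldManifest, newManifest, registry, reviewed) {
  return addedRelations(oldManifest, newManifest).map(({ id, field }) => ({
    id, field,
    unreviewed: transitiveInstalls(id, registry).filter((x) => !reviewed.has(x)),
  }));
}
// Constructed sample data; every extension id here is hypothetical.
const v1 = { name: "pretty-theme", version: "1.0.0" };
const v2 = { ...v1, version: "1.0.1", extensionDependencies: ["Other-Pub.helper"] };
const registry = {
  "other-pub.helper": { extensionPack: ["third-pub.loader"] },
  "third-pub.loader": { extensionDependencies: ["other-pub.helper"] }, // cycle
};
console.log(JSON.stringify(auditUpdate(v1, v2, registry, new Set(["other-pub.helper"]))));
```

In practice the two manifests would be the package.json files of consecutive published versions, and the registry map would hold the manifests of every extension already fetched for review.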
"GlassWorm is moving toward less visible, more resilient delivery: later-version manifest changes, transitive installation paths, heavier obfuscation, rotating Solana wallets and infrastructure, and threat actor-controlled decryption material," the blog post read. "Defenders should expect more extensions that look benign at publication, then become malicious through updates that add extensionPack or extensionDependencies. That model is likely to spread because it hides the real malicious component behind normal extension-management behavior."
About the Author
Alexander Culafi
Senior News Writer, Dark Reading
Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere. In his spare time, Alex hosts the weekly Nintendo podcast Talk Nintendo Podcast and works on personal writing projects, including two previously self-published science fiction novels.