In November 2025, cybersecurity researchers reported a new wave of malware targeting Visual Studio Code (VS Code) extensions. The campaign, called GlassWorm, was first identified by Koi Security in late October and has since resurfaced on other extensions.

Three extensions are still available in the Open VSX registry, a public repository that mirrors the Microsoft Extension Marketplace. The affected extensions are ai-driven-dev (3,402 downloads), adhamu.history-in-sublime-merge (4,057 downloads) and yasuyuky.transient-emacs (2,431 downloads). The extensions contained code hidden with invisible Unicode characters, a technique that hides malicious payloads from ordinary code reviews and static analysis tools.

Glassworm

GlassWorm’s objectives are threefold: first, it collects login credentials from the Open VSX registry, GitHub and various cryptocurrency wallet extensions; second, it robs funds from some 49 wallet extensions; and third, it installs additional tools that enable remote access to infected machines. The malware also spreads further by using the stolen login credentials to compromise other extensions.

Open VSX discovered the malicious extensions on Oct. 21, after which it removed them and rotated the associated access tokens. Despite these measures, recent analysis by Koi Security indicates that it is still possible to infect new extensions via the same Unicode trick. In addition, a new transaction on the Solana blockchain was observed. This transaction contained an updated C2 endpoint, which enables the malware to download the next payload. According to researchers Idan Dardikman, Yuval Ronen and Lotan Sery of Koi Security, the use of blockchain for command-and-control (C2) illustrates the attackers’ resilience: even when a hosting server goes offline, a low-cost transaction is sufficient to publish a new endpoint, after which infected systems automatically retrieve the new location.

Distribution

During additional research, the security vendor identified an endpoint that had been inadvertently exposed on the attacker’s server. The endpoint yielded a partial list of victims spread across the United States, South America, Europe and Asia, including a key government agency in the Middle East. The suspected origin of the malware came to light via keylogger data, presumably from a machine owned by the attackers themselves. Analysts identified the threat actor as Russian-speaking and discovered that it uses the open-source browser extension-C2 framework RedExt.

In a related study, Aikido Security published findings showing that GlassWorm has broadened its focus to GitHub. Stolen GitHub login credentials are now being used to push malicious commits into repositories, increasing the potential damage to open source projects.