Cybersecurity researchers have uncovered a sophisticated evolution of the GlassWorm malware campaign that exploits the Open VSX registry by using legitimate extension dependencies to deliver malicious payloads. By mimicking popular developer tools and using AI-generated commits to appear authentic, the attackers have successfully compromised numerous extensions and over 150 GitHub repositories to steal credentials and cryptocurrency.
The GlassWorm malware campaign has entered a more dangerous phase by exploiting the way developer tools handle dependencies. Instead of including malicious code directly in a new upload, attackers are now using the extensionPack and extensionDependencies fields of an extension's manifest, which the Open VSX registry honors when installing an extension. This allows an initially harmless extension to pass security checks and gain user trust before a later update pulls in a separate, malicious extension as a dependency. This transitive delivery method makes it much harder for developers to spot the threat, because the tool they chose to install may still appear functional and safe while the payload arrives through an extension they never explicitly selected.
Recent investigations by security firms have identified at least 72 malicious extensions and over 150 affected GitHub repositories. These threats often masquerade as essential utilities like code formatters, debuggers, or integrations for AI assistants such as Claude and Google Antigravity. To further evade detection, the attackers employ heavy code obfuscation and use invisible Unicode characters to hide their scripts. These hidden payloads are designed to drain cryptocurrency wallets, steal sensitive login secrets, and turn infected developer machines into proxies for further criminal activity.
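A defender-side check for the two mechanisms described above (transitive delivery via manifest dependency fields, and scripts hidden with invisible Unicode characters), added here as an example and not part of the original report or any vendor tooling. It flags extension IDs newly added to `extensionPack` / `extensionDependencies` between two manifest versions and reports runs of invisible code points in script text; the manifests and snippets are constructed, and the set of characters treated as invisible is an assumption.

```python
import json
import unicodedata

# Fields in a VS Code / Open VSX extension manifest (package.json) that cause
# *other* extensions to be installed alongside this one.
TRANSITIVE_FIELDS = ("extensionPack", "extensionDependencies")

def new_transitive_deps(old_manifest: str, new_manifest: str) -> dict:
    """Return extension IDs added to extensionPack/extensionDependencies
    between two manifest versions, keyed by field name."""
    old, new = json.loads(old_manifest), json.loads(new_manifest)
    added = {}
    for field in TRANSITIVE_FIELDS:
        before = set(old.get(field, []))
        after = set(new.get(field, []))
        if after - before:
            added[field] = sorted(after - before)
    return added

# Code points that render as nothing: Unicode "format" characters (category Cf,
# e.g. zero-width joiners and U+FEFF) plus the variation-selector blocks.
# Treating exactly this set as suspicious is an assumption of this example.
def _is_invisible(ch: str) -> bool:
    cp = ord(ch)
    return (unicodedata.category(ch) == "Cf"
            or 0xFE00 <= cp <= 0xFE0F
            or 0xE0100 <= cp <= 0xE01EF)

def invisible_runs(source: str) -> list:
    """Return (line_number, run_length) for each run of invisible characters."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        run = 0
        for ch in line + "\n":   # trailing newline flushes a run at end of line
            if _is_invisible(ch):
                run += 1
            elif run:
                findings.append((lineno, run))
                run = 0
    return findings

# Constructed sample data: not real extension manifests or real payloads.
V1 = '{"name": "tidy-formatter", "version": "1.0.0"}'
V2 = ('{"name": "tidy-formatter", "version": "1.0.1", '
      '"extensionDependencies": ["example-publisher.helper-ext"]}')
CLEAN = "const x = 1;\nmodule.exports = x;\n"
HIDDEN = "const x = 1;\nconst y = 'a" + "\u200b" * 5 + "b';\n"

if __name__ == "__main__":
    print(new_transitive_deps(V1, V2))   # {'extensionDependencies': ['example-publisher.helper-ext']}
    print(invisible_runs(HIDDEN))        # [(2, 5)]
```

Running the first check on every published version of an extension, rather than only the one first reviewed, is what catches the update-time dependency swap the article describes.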
A key hallmark of this campaign is its high level of technical resilience. The malware uses Solana blockchain transactions as a dead drop resolver, allowing it to retrieve command-and-control server addresses in a way that is difficult for authorities to shut down. Additionally, the code includes specific checks to avoid infecting systems with a Russian locale, a common tactic used by certain cybercriminal groups to avoid local law enforcement scrutiny. The attackers frequently rotate their digital wallets and infrastructure to stay one step ahead of automated security scanners.
The sophistication of the campaign extends to the way it infiltrates open-source projects. Researchers believe the threat actors are using large language models to generate highly convincing “cover commits.” Instead of looking like obvious hacks, the malicious injections are tucked inside realistic-looking documentation updates, bug fixes, or minor refactors that match the coding style of the target project. This level of tailoring makes it significantly more likely that a project maintainer will unknowingly approve a pull request containing the hidden malware.
The coordinated nature of this push across Open VSX, npm, and GitHub highlights a growing trend in supply chain attacks. By targeting the tools that developers use to build software, the GlassWorm actors can compromise entire organizations from the ground up. Security experts warn that even a package that starts out as benign can be weaponized later through its dependency tree, requiring developers to be increasingly vigilant about the hidden relationships between the tools they install in their integrated development environments.
Source: GlassWorm Supply Chain Attack Exploits 72 Open VSX Extensions Targeting Developers