GlassWorm attackers activate new ‘sleeper’ extensions on Open VSX

Attackers tied to the GlassWorm campaign have planted a new set of 73 “sleeper” extensions on Open VSX, six of which have been activated to deliver malware, Socket reported Saturday.

GlassWorm malware targets the Microsoft VS Code extension ecosystem and aims to exfiltrate Open VSX, GitHub, npm and cryptocurrency wallet details in order to steal cryptocurrency and to self-propagate, using the stolen credentials to publish more infected extensions. The campaign has been active since at least October 2025.

In March, Socket discovered nearly 100 new malicious Open VSX extensions tied to the campaign, along with about 20 related “sleeper” extensions that did not yet contain malicious content. The company also found that the campaign had begun using malicious dependencies and imports of malware hosted on GitHub to deliver GlassWorm, rather than including malicious code directly in the extensions.

The latest cluster of 73 extensions continues this pattern of evading detection: seemingly benign impersonation extensions are later activated through new “extensionPack” and “extensionDependencies” manifest fields, or by retrieving malware from external sources.

“The extension’s source code alone no longer reflects the behavior it ultimately runs. By shifting critical logic outside of what tools typically scan, and spreading it across multiple delivery mechanisms, the threat actor increases the likelihood of evading detection,” the Socket Research Team wrote.

GlassWorm extensions typically impersonate other extensions by using a similar name and copying the legitimate extension’s icon, description and README content. The six extensions confirmed to be malicious in the latest cluster include those impersonating the Monochromator theme, AutoAntigravity, IronPLC, VS Code Pets, HTML-validate and Version Lens.

In some cases, the attacker added new extensionPack or extensionDependencies manifest fields that cause the extension to automatically install another malicious extension as a dependency. In other cases, code is added to install .vsix files hosted on GitHub, sometimes using native binaries and other times heavily obfuscated JavaScript that is decoded at runtime.

As of Monday afternoon, both the confirmed malicious and the suspected sleeper extensions were no longer available on the Open VSX marketplace.

To combat the evolving GlassWorm campaign, Socket recommends reviewing manifest diffs for new extensionPack and extensionDependencies additions, and reviewing extensions’ update and install chains rather than just their code, in order to detect potentially malicious changes. Developers should also be wary of potential sleeper extensions that appear benign but may receive malicious updates in the future, watching for signs of impersonation such as a low install count or an incorrect publisher name.
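The manifest-diff check Socket recommends, as an added example that is not Socket's tooling or the article's own code: it compares two versions of an extension's package.json and flags newly introduced extensionPack or extensionDependencies entries (the activation step described above) plus a changed publisher name. Both manifests and the extension ids in them are constructed for illustration.

```python
"""Flag new extensionPack / extensionDependencies entries between two
VS Code extension manifests (package.json). Constructed example; the
manifests and extension ids below are made up for illustration."""
import json

# Manifest fields that make the client auto-install another extension.
WATCHED_FIELDS = ("extensionPack", "extensionDependencies")


def _as_set(manifest: dict, field: str) -> set:
    value = manifest.get(field) or []
    # The field should be a list of "publisher.name" ids; tolerate a lone
    # string so a malformed manifest is still inspected rather than skipped.
    if isinstance(value, str):
        value = [value]
    return set(value)


def manifest_diff_alerts(old: dict, new: dict) -> list:
    """Return human-readable alerts for additions in the watched fields and
    for a publisher change, comparing the old manifest to the updated one."""
    alerts = []
    for field in WATCHED_FIELDS:
        if field not in old and field in new:
            alerts.append(f"new field {field!r} introduced")
        added = _as_set(new, field) - _as_set(old, field)
        for ext_id in sorted(added):
            alerts.append(f"{field} now pulls in {ext_id!r}")
    if old.get("publisher") != new.get("publisher"):
        alerts.append(
            f"publisher changed: {old.get('publisher')!r} -> {new.get('publisher')!r}"
        )
    return alerts


# Constructed sample: a theme update that quietly adds an extension pack.
OLD_MANIFEST = json.loads("""{
  "name": "example-theme", "publisher": "example-publisher", "version": "1.0.0",
  "contributes": {"themes": [{"label": "Example", "path": "./theme.json"}]}
}""")
NEW_MANIFEST = json.loads("""{
  "name": "example-theme", "publisher": "example-publisher", "version": "1.0.1",
  "contributes": {"themes": [{"label": "Example", "path": "./theme.json"}]},
  "extensionPack": ["other-publisher.helper-extension"]
}""")

if __name__ == "__main__":
    for line in manifest_diff_alerts(OLD_MANIFEST, NEW_MANIFEST):
        print("ALERT:", line)
```

Run it against the two manifests of each extension update you pull from the marketplace; an empty list means neither watched field nor the publisher changed.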
