The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 times.
GlassWorm is a campaign and malware that leverages Solana transactions to fetch a payload targeting GitHub, NPM, and OpenVSX account credentials, as well as cryptocurrency wallet data from 49 extensions.
The malware uses invisible Unicode characters that render as blanks, but execute as JavaScript to facilitate malicious actions.
It first appeared via 12 extensions on Microsoft’s VS Code and OpenVSX marketplaces, which were downloaded 35,800 times. However, it is believed that the number of downloads was inflated by the threat actor, making the full impact of the campaign unknown.
In response to this compromise, Open VSX rotated access tokens for an undisclosed number of accounts breached by GlassWorm, implemented security enhancements, and marked the incident as closed.
GlassWorm returns
According to Koi Security, which has been tracking the campaign, the attacker has now returned to OpenVSX, using the same infrastructure but with updated command-and-control (C2) endpoints and Solana transactions.
The three OpenVSX extensions carrying the GlassWorm payload are:
- ai-driven-dev.ai-driven-dev — 3,400 downloads
- adhamu.history-in-sublime-merge — 4,000 downloads
- yasuyuky.transient-emacs — 2,400 downloads
Koi Security says all three extensions use the same invisible Unicode character obfuscation trick as the original files. Evidently, this remains effective at bypassing OpenVSX’s newly introduced defenses.
Source: Koi Security
As Aikido reported earlier, GlassWorm operators weren’t deterred by last month’s exposure and had already pivoted to GitHub, but the return to OpenVSX via new extensions shows an intention to resume operations across multiple platforms.
Attack infrastructure exposed
Through an anonymous tip, Koi Security was able to access the attackers’ server and obtain key data on the victims impacted by this campaign.
The retrieved data indicates global reach, with GlassWorm found on systems across the United States, South America, Europe, Asia, and a government entity in the Middle East.
Regarding the operators themselves, Koi reports they are Russian-speaking and use the RedExt open-source C2 browser extension framework.
Source: Koi Security
The researchers shared all data with law enforcment, including user IDs for multiple cryptocurrency exchanges and messaging platforms, and a plan to inform impacted organizations is being coordinated.
Koi Security told BleepingComputer that they have identified 60 distinct victims so far, noting that they retrieved only a partial list from a single exposed endpoint.
As of writing, the three extensions with the GlassWorm payload remain available for download on OpenVSX.
As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.
This free cheat sheet outlines 7 best practices you can start using today.
