Oct 24, 2025Ravie LakshmananDevOps / Malware

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks.

The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space within a span of a month after the Shai-Hulud worm that targeted the npm ecosystem in mid-September 2025.

What makes the attack stand out is the use of the Solana blockchain for command-and-control (C2), making the infrastructure resilient to takedown efforts. It also uses Google Calendar as a C2 fallback mechanism.

Another novel aspect is that the GlassWorm campaign relies on “invisible Unicode characters that make malicious code literally disappear from code editors,” Idan Dardikman said in a technical report. “The attacker used Unicode variation selectors – special characters that are part of the Unicode specification but don’t produce any visual output.”

The end goal of the attack is to harvest npm, Open VSX, GitHub, and Git credentials, drain funds from 49 different cryptocurrency wallet extensions, deploy SOCKS proxy servers to turn developer machines into conduits for criminal activities, install hidden VNC (HVNC) servers for remote access, and weaponize the stolen credentials to compromise additional packages and extensions for further propagation.

The names of the infected extensions, 13 of them on Open VSX and one on the Microsoft Extension Marketplace, are listed below. These extensions have been downloaded about 35,800 times. The first wave of infections took place on October 17, 2025. It’s currently not known how these extensions were hijacked.

• codejoy.codejoy-vscode-extension 1.8.3 and 1.8.4
• l-igh-t.vscode-theme-seti-folder 1.2.3
• kleinesfilmroellchen.serenity-dsl-syntaxhighlight 0.3.2
• JScearcy.rust-doc-viewer 4.2.1
• SIRILMP.dark-theme-sm 3.11.4
• CodeInKlingon.git-worktree-menu 1.0.9 and 1.0.91
• ginfuru.better-nunjucks 0.3.2
• ellacrity.recoil 0.7.4
• grrrck.positron-plus-1-e 0.0.71
• jeronimoekerdt.color-picker-universal 2.8.91
• srcery-colors.srcery-colors 0.3.9
• sissel.shopify-liquid 4.0.1
• TretinV3.forts-api-extention 0.3.1
• cline-ai-main.cline-ai-agent 3.1.3 (Microsoft Extension Marketplace)

The malicious code concealed within the extensions is designed to search for transactions associated with an attacker-controlled wallet on the Solana blockchain, and if found, it proceeds to extract a Base64-encoded string from the memo field that decodes to the C2 server (“217.69.3[.]218” or “199.247.10[.]166”) used for retrieving the next-stage payload.

The payload is an information stealer that captures credentials, authentication tokens, and cryptocurrency wallet data, and reaches out to a Google Calendar event to parse another Base64-encoded string and contact the same server to obtain a payload codenamed Zombi. The data is exfiltrated to a remote endpoint (“140.82.52[.]31:80”) managed by the threat actor.

Written in JavaScript, the Zombi module essentially turns a GlassWorm infection into a full-fledged compromise by dropping a SOCKS proxy, WebRTC modules for peer-to-peer communication, BitTorrent’s Distributed Hash Table (DHT) for decentralized command distribution, and HVNC for remote control.

The problem is compounded by the fact that VS Code extensions are configured to auto-update, allowing the threat actors to push the malicious code automatically without requiring any user interaction.

“This isn’t a one-off supply chain attack,” Dardikman said. “It’s a worm designed to spread through the developer ecosystem like wildfire.”

“Attackers have figured out how to make supply chain malware self-sustaining. They’re not just compromising individual packages anymore – they’re building worms that can spread autonomously through the entire software development ecosystem.”

The development comes as the use of blockchain for staging malicious payloads has witnessed a surge due to its pseudonymity and flexibility, with even threat actors from North Korea leveraging the technique to orchestrate their espionage and financially motivated campaigns.