GlassWorm malware resurfaces through 73 sleeper OpenVSX extensions

Summary
– A new GlassWorm campaign targets the OpenVSX ecosystem with 73 “sleeper” extensions that are benign initially but turn malicious after an update.
– Six of these extensions have been activated to deliver malware; researchers believe the rest are dormant or suspicious.
– The extensions are clones of legitimate listings, using similar icons and names to trick developers who do not check details closely.
– Instead of carrying malware directly, the extensions act as thin loaders that fetch malicious payloads from GitHub, via compiled modules, or through obfuscated JavaScript.
– Developers who installed any of the 73 listed extensions should rotate all secrets and clean their environments.
A newly identified wave of the GlassWorm campaign has infiltrated the OpenVSX ecosystem, deploying 73 sleeper extensions that remain harmless until a post-installation update triggers their malicious payload. According to cybersecurity firm Socket, only six of these extensions have been activated so far, delivering malware to unsuspecting users. The remaining 67 are assessed with high confidence to be either dormant or highly suspicious.
This tactic marks a strategic shift for the attackers. Instead of embedding malicious code from the start, they now upload benign extensions that later reveal their true intent through a delayed payload. “This count may change as new updates continue to appear, but the pattern is consistent with earlier GlassWorm waves,” Socket researchers noted.
First observed in October 2025, GlassWorm is an ongoing supply chain attack that initially relied on invisible Unicode characters to conceal code stealing cryptocurrency wallets and developer credentials. The campaign has since expanded across multiple platforms, including GitHub repositories, npm packages, and both the Visual Studio Code Marketplace and OpenVSX. It has also targeted macOS users with trojanized crypto wallet clients.
A massive wave in mid-March 2026 affected hundreds of repositories and dozens of extensions. However, the scale of such operations creates noise, and multiple research teams caught the activity early, helping to block it. The latest wave suggests the attackers are refining their approach by flooding a single ecosystem with innocuous clones and reserving the malicious update for later.
Socket identified that the 73 new extensions are clones of legitimate listings, designed to deceive developers who focus only on visuals. In one case, the attacker copied the exact icon, similar naming, and description. The main giveaways are the publisher name and unique identifier. Rather than carrying malware directly, these extensions act as thin loaders that fetch the payload through one of these methods:
- Retrieving a secondary VSIX package from GitHub at runtime and installing it via CLI commands.
- Loading the payload through compiled modules.
- Fetching the payload through obfuscated JavaScript.
Socket did not disclose technical details about the latest payload. Earlier GlassWorm attacks focused on stealing cryptocurrency wallet data, credentials, access tokens, SSH keys, and developer environment information. The company has published the full list of the 73 suspected extensions. Developers who installed any of them should rotate all secrets and thoroughly clean their environments.
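To turn the giveaways above (publisher name and unique identifier) and the thin-loader pattern into a local check, the following is an added example audit script; it is not code from the article or from Socket. It compares installed extensions against a blocklist of publisher.name identifiers (substitute Socket's published list; the identifiers, publishers and sample extensions embedded here are constructed placeholders), flags display names that match a known listing under a different identifier, and applies two heuristics drawn from the campaign's history: invisible Unicode code points in the extension's main script, and a .vsix fetched from GitHub and installed through the editor CLI. The extension roots ~/.vscode/extensions and ~/.vscode-oss/extensions are assumed defaults for VS Code and VSCodium.

```python
"""Audit locally installed VS Code / VSCodium extensions for the sleeper-clone
pattern: identifier blocklist, lookalike check, and source heuristics.
Added example, not Socket's tooling; all sample data below is constructed."""
import json
import re
from pathlib import Path

# Code-point ranges that render as nothing; earlier GlassWorm waves hid code in them.
INVISIBLE_RANGES = (
    (0x200B, 0x200F),    # zero-width space/joiners, bidi marks
    (0x2060, 0x2064),    # word joiner and invisible operators
    (0xFE00, 0xFE0F),    # variation selectors
    (0xFEFF, 0xFEFF),    # byte-order mark
    (0xE0000, 0xE007F),  # Unicode "tag" characters
    (0xE0100, 0xE01EF),  # variation selectors supplement
)
CLI_INSTALL = re.compile(r"--install-extension")
VSIX_REF = re.compile(r"\.vsix\b", re.IGNORECASE)
GITHUB_REF = re.compile(r"https?://(?:raw\.)?github(?:usercontent)?\.com/", re.IGNORECASE)


def count_invisible(text):
    """Number of characters in text that fall in an invisible-codepoint range."""
    return sum(1 for ch in text
               if any(lo <= ord(ch) <= hi for lo, hi in INVISIBLE_RANGES))


def source_indicators(source):
    """Heuristics for the thin-loader behaviour: a .vsix installed through the
    editor CLI, a GitHub download URL, or invisible Unicode in the script."""
    return {
        "invisible_unicode": count_invisible(source),
        "vsix_cli_install": bool(CLI_INSTALL.search(source) and VSIX_REF.search(source)),
        "github_fetch": bool(GITHUB_REF.search(source)),
    }


def audit(installed, blocklist, known_good):
    """installed: dicts with publisher, name, displayName and optional source.
    blocklist: set of lower-case 'publisher.name' identifiers (e.g. Socket's list).
    known_good: displayName -> legitimate 'publisher.name' identifier.
    Returns a list of (identifier, reason) findings."""
    findings = []
    for ext in installed:
        ident = f"{ext['publisher']}.{ext['name']}".lower()
        if ident in blocklist:
            findings.append((ident, "listed as a suspected GlassWorm extension"))
        legit = known_good.get(ext.get("displayName", ""))
        if legit and legit.lower() != ident:
            findings.append((ident, f"lookalike of {legit}: same display name, different identifier"))
        ind = source_indicators(ext.get("source", ""))
        if ind["invisible_unicode"]:
            findings.append((ident, f"{ind['invisible_unicode']} invisible Unicode characters in source"))
        if ind["vsix_cli_install"] and ind["github_fetch"]:
            findings.append((ident, "fetches a .vsix from GitHub and installs it via the CLI"))
    return findings


def scan_extension_dirs(roots=("~/.vscode/extensions", "~/.vscode-oss/extensions")):
    """Read package.json (and the 'main' script, if present) from each extension
    directory under the assumed VS Code and VSCodium roots."""
    found = []
    for root in roots:
        for manifest in Path(root).expanduser().glob("*/package.json"):
            try:
                pkg = json.loads(manifest.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue
            ext = {k: pkg.get(k, "") for k in ("publisher", "name", "displayName", "version")}
            main = manifest.parent / pkg.get("main", "")
            if pkg.get("main") and main.is_file():
                ext["source"] = main.read_text(encoding="utf-8", errors="replace")
            found.append(ext)
    return found


# Constructed sample data: "pyth0n-tools", "evil-pub", the blocklist entry and the
# GitHub URL are placeholders, not entries from Socket's list.
SAMPLE_BLOCKLIST = {"evil-pub.sleeper-lint"}
SAMPLE_KNOWN_GOOD = {"Python": "ms-python.python"}
SAMPLE_INSTALLED = [
    {"publisher": "ms-python", "name": "python", "displayName": "Python",
     "source": "exports.activate = () => {};"},
    {"publisher": "pyth0n-tools", "name": "python", "displayName": "Python",
     "source": ('const u = "https://github.com/placeholder-org/placeholder-repo/releases/download/v2/update.vsix";\n'
                'execSync(`code --install-extension ${tmp}`);')},
    {"publisher": "evil-pub", "name": "sleeper-lint", "displayName": "Sleeper Lint",
     "source": "const k = 'a\u200b\u200c\u200d';"},
]

if __name__ == "__main__":
    live = scan_extension_dirs()  # falls back to the constructed sample when no extensions are found
    for ident, reason in audit(live or SAMPLE_INSTALLED, SAMPLE_BLOCKLIST, SAMPLE_KNOWN_GOOD):
        print(f"{ident}: {reason}")
```

The identifier comparison is the decisive check: a clone can copy the icon, display name and description, but it cannot publish under the legitimate publisher's identifier. The source heuristics are only indicators (a legitimate extension may reference GitHub or ship a BOM), so treat a hit as a reason to inspect, and a blocklist match as a reason to rotate secrets.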