Invisible malware spreads via VS Code extensions

A new cyber threat is affecting developers worldwide who work with Visual Studio Code. Researchers at Koi Security have discovered an attack they call GlassWorm. It is a worm that spreads itself via infected VS Code extensions.

According to Koi Security, it is the first attack of its kind to use so-called invisible Unicode characters, which make malicious code literally invisible to developers and security tools.

The attack began on the OpenVSX Marketplace, the open-source alternative to Microsoft’s own extension marketplace. A popular extension called CodeJoy was found to be infected when version 1.8.3 was released. The malware inserted itself into the regular source code, but because it used special Unicode characters, nothing appeared to be wrong to the naked eye. Even a manual code inspection showed no abnormalities. This technique breaks the fundamental assumption that human code review is sufficient to detect malicious additions.
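A defensive check that follows from this: scan extension source for code points that render as nothing. The scanner below is an added example, not code from the article or from Koi Security, and the character classes it flags are an assumption about the general technique, not a list of the exact characters GlassWorm used.

```javascript
// Added example: scanner for invisible Unicode code points in source files.
// The classes flagged here are an assumption about what a reviewer wants to
// see, not the specific characters used by GlassWorm.
const INVISIBLE_CLASSES = [
  // Cf covers zero-width space/joiner, bidi controls, soft hyphen and the
  // Unicode tag block (U+E0000-E007F).
  { name: "format-control", re: /\p{Cf}/u },
  // Variation selectors are category Mn, so a Cf check alone misses them.
  { name: "variation-selector", re: /[\uFE00-\uFE0F\u{E0100}-\u{E01EF}]/u },
  // Non-ASCII whitespace that renders like an ordinary blank.
  { name: "exotic-whitespace", re: /[\u00A0\u1680\u2000-\u200A\u2028\u2029\u202F\u205F\u3000]/u },
];

function classify(ch) {
  const hit = INVISIBLE_CLASSES.find((c) => c.re.test(ch));
  return hit ? hit.name : null;
}

// One finding per invisible code point: 1-based line, 0-based column counted
// in code points, the U+ notation and the class name. A leading byte-order
// mark (U+FEFF at the very start of the file) is legitimate and skipped.
function scanSource(text) {
  const findings = [];
  text.split("\n").forEach((line, lineIdx) => {
    let col = 0;
    for (const ch of line) { // iterates by code point, not UTF-16 unit
      const cls = classify(ch);
      const isBom = lineIdx === 0 && col === 0 && ch === "\uFEFF";
      if (cls && !isBom) {
        const cp = ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
        findings.push({ line: lineIdx + 1, col, cls, codePoint: "U+" + cp });
      }
      col += 1;
    }
  });
  return findings;
}

// Constructed sample: looks like an ordinary activation function, but line 2
// carries a zero-width space and line 3 two Unicode tag characters, none of
// which show up in a typical editor.
const SAMPLE = [
  "function activate(context) {",
  "  const cfg\u200B = loadConfig();",
  "  return run(cfg);\u{E0041}\u{E0042}",
  "}",
].join("\n");

console.log(scanSource(SAMPLE));
```

Running it on the constructed sample reports three findings; run over an extension's `.js` files before install or on each auto-update, a non-empty result is worth a closer look.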

Solana blockchain as infrastructure

GlassWorm goes beyond a traditional supply chain attack. The malware uses the Solana blockchain as its command-and-control infrastructure. Instead of receiving instructions from a central server, the worm reads data from the memo field of Solana transactions. This makes communication permanent, anonymous, and impossible to block. As a backup mechanism, the attacker even uses a Google Calendar event that hides an encrypted link to new instructions. This keeps the network active even if certain parts are removed.

Koi Security discovered that the worm is distributed not only via OpenVSX but also via npm and GitHub, reports Heise. GlassWorm uses stolen authentication tokens to publish malicious packages and compromise legitimate repositories. This creates a self-reinforcing ecosystem in which every infected developer unintentionally helps to spread the worm further.

The final stage of the attack, known as the Zombi module, also installs a remote access trojan that turns the affected computer into a SOCKS proxy server. This is controlled via peer-to-peer connections with WebRTC, while commands are exchanged via the BitTorrent network. This creates a fully distributed infrastructure without a central control point.

Malware takes advantage of automatic updates

Koi Security reports that at least seven extensions were infected on October 17 and that one infected extension has since appeared on Microsoft’s official VS Code Marketplace. A total of around 35,800 installations are believed to have been affected. Because VS Code extensions update automatically, users can become victims without installing or confirming anything.

According to a report by Infoworld, this is not the first incident of its kind. Last month, a similar worm was discovered in the open-source npm repository, and other campaigns such as the TigerJack attack on VS Code extensions were also recently uncovered. The spread of GlassWorm is part of a broader trend in which malicious actors use marketplaces for development tools as a gateway for supply chain attacks.

Security experts warn that organizations should treat this as an immediate security incident. Chief information security officers are advised to initiate their incident response process, take inventory of which extensions are in use, and monitor suspicious processes. Developer environments are particularly at risk because extensions in VS Code have full access to system and network resources.