The Glassworm campaign is proving to be more persistent than expected. After malicious extensions appeared in both the OpenVSX environment and the Microsoft Visual Studio Marketplace in October, a third wave has now been detected.
According to BleepingComputer, research by Secure Annex shows that attackers are once again publishing malicious packages under names that closely resemble well-known and widely used developer tools. Once a package has been accepted on the marketplace, the publisher pushes an update that introduces the concealed malware. By artificially inflating download figures, the attackers also push these packages higher in search results, which makes them look more trustworthy.
As Techzine reported when the first attack was discovered, Glassworm used invisible Unicode characters to hide malicious code from view completely. This makes an extension appear legitimate to reviewers, while in fact modules are added that can compromise GitHub, npm, and OpenVSX accounts, among others. The victim’s system is also used as a proxy, and a remote-access component is installed, giving attackers access that goes unnoticed.
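One defensive check against the hiding technique described above, added here as an example rather than code from the Glassworm analysis or from any marketplace: a Python scanner that flags runs of invisible Unicode characters in extension source files and reports where they sit. The set of code-point ranges is an assumption about commonly abused invisible characters, not a list of indicators from this campaign, and the sample source is constructed.

```python
import unicodedata
from dataclasses import dataclass

# Characters that render as nothing but are not in Unicode category Cf. This is
# an assumed list of commonly abused code points, not Glassworm indicators.
INVISIBLE_RANGES = [
    (0xFE00, 0xFE0F),    # variation selectors
    (0xE0100, 0xE01EF),  # variation selectors supplement
    (0x3164, 0x3164),    # Hangul filler
]

def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    if any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES):
        return True
    # Cf ("format") covers zero-width spaces/joiners, tag characters, the BOM.
    return unicodedata.category(ch) == "Cf"

@dataclass
class Finding:
    line: int    # 1-based line number
    col: int     # 1-based column where the run starts
    first: str   # first code point of the run, e.g. "U+200B"
    length: int  # consecutive invisible characters in the run

def scan_source(text: str) -> list[Finding]:
    """Report every run of invisible characters, except a lone leading BOM."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        col = 0
        while col < len(line):
            if not is_invisible(line[col]):
                col += 1
                continue
            start = col
            while col < len(line) and is_invisible(line[col]):
                col += 1
            if lineno == 1 and start == 0 and line[:col] == "\ufeff":
                continue  # a single UTF-8 BOM at file start is benign
            findings.append(Finding(lineno, start + 1, f"U+{ord(line[start]):04X}", col - start))
    return findings
# Constructed sample: a string literal that looks empty in an editor but
# actually carries three zero-width characters.
SAMPLE = (
    "function activate() {\n"
    "  const payload = '\u200b\u200c\u200d'; // looks like an empty string\n"
    "  return payload;\n"
    "}\n"
)
```

Running `scan_source` over every `.js`/`.ts` file in an unpacked extension before installation is enough to surface text that a code reviewer's editor would never show; a non-empty result deserves a manual look rather than an automatic block, since variation selectors also appear legitimately in emoji sequences.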
OpenVSX announced in early November that the incident had been contained. Access tokens had been rotated, their lifespan had been limited, and new extensions would now be scanned automatically. In addition, OpenVSX collaborated with other marketplaces to better manage risks. However, the latest wave of infections shows that attackers are once again able to infiltrate systems with new accounts and packages.
Glassworm is almost impossible to block
Glassworm also has a complex infrastructure. Analyses show that the malware uses the Solana blockchain to retrieve instructions, enabling a distributed command-and-control mechanism that is almost impossible to block. As a fallback mechanism, information is retrieved from a hidden Google Calendar item, while parts of the attack are distributed via peer-to-peer connections such as WebRTC and BitTorrent. The most recent variants also include Rust-based implants.
Thousands of installations have already been infected in previous incidents, partly because VS Code extensions are updated automatically. At the same time, Glassworm also spreads via npm and GitHub, where stolen tokens are used to publish packages and manipulate repositories. This creates a broader supply chain effect that is not limited to a single platform.
Microsoft says it continues to refine its detection capabilities and emphasizes that users should report suspicious extensions via the reporting function on the marketplace. Security specialists warn that organizations should treat such incidents as potential supply chain incidents, especially since development environments typically have deep system and network access.