GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

This article covers the GlassWorm supply-chain malware campaign targeting developers through malicious VS Code extensions in the Open VSX registry.

• •At least 72 malicious Open VSX extensions were discovered since January 31, 2026, mimicking developer tools like linters, formatters, and AI coding assistants such as Claude Code and Google Antigravity
• •The campaign now abuses extensionPack and extensionDependencies fields in package.json to turn initially benign-looking extensions into transitive malicious payload delivery vehicles after trust is established
• •Extensions check for Russian locale to avoid self-infection and use Solana transactions as a dead drop resolver for C2 server communication, while rotating wallets to evade detection
• •Over 151 GitHub repositories were compromised between March 3–9, 2026, using invisible Unicode characters to hide payloads inside realistic-looking commits such as documentation tweaks and bug fixes, likely generated by LLMs