Cybersecurity researchers have found a self-propagating worm that spreads by way of Visible Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Market, underscoring how builders have grow to be a first-rate goal for assaults.
The subtle risk, codenamed GlassWorm by Koi Safety, is the second such provide chain assault to hit the DevOps area inside a span of a month after the Shai-Hulud worm that focused the npm ecosystem in mid-September 2025.
What makes the assault stand out is using the Solana blockchain for command-and-control (C2), making the infrastructure resilient to takedown efforts. It additionally makes use of Google Calendar as a C2 fallback mechanism.
One other novel side is that the GlassWorm marketing campaign depends on “invisible Unicode characters that make malicious code actually disappear from code editors,” Idan Dardikman said in a technical report. “The attacker used Unicode variation selectors – particular characters which are a part of the Unicode specification however do not produce any visible output.”
The top aim of the assault is to reap npm, Open VSX, GitHub, and Git credentials, drain funds from 49 completely different cryptocurrency pockets extensions, deploy SOCKS proxy servers to show developer machines into conduits for legal actions, set up hidden VNC (HVNC) servers for distant entry, and weaponize the stolen credentials to compromise further packages and extensions for additional propagation.
The names of the contaminated extensions, 13 of them on Open VSX and one on the Microsoft Extension Market, are listed beneath. These extensions have been downloaded about 35,800 occasions. The primary wave of infections befell on October 17, 2025. It is at present not identified how these extensions have been hijacked.
- codejoy.codejoy-vscode-extension 1.8.3 and 1.8.4
- l-igh-t.vscode-theme-seti-folder 1.2.3
- kleinesfilmroellchen.serenity-dsl-syntaxhighlight 0.3.2
- JScearcy.rust-doc-viewer 4.2.1
- SIRILMP.dark-theme-sm 3.11.4
- CodeInKlingon.git-worktree-menu 1.0.9 and 1.0.91
- ginfuru.better-nunjucks 0.3.2
- ellacrity.recoil 0.7.4
- grrrck.positron-plus-1-e 0.0.71
- jeronimoekerdt.color-picker-universal 2.8.91
- srcery-colors.srcery-colors 0.3.9
- sissel.shopify-liquid 4.0.1
- TretinV3.forts-api-extention 0.3.1
- cline-ai-main.cline-ai-agent 3.1.3 (Microsoft Extension Market)
The malicious code hid inside the extensions is designed to seek for transactions related to an attacker-controlled wallet on the Solana blockchain, and if discovered, it proceeds to extract a Base64-encoded string from the memo field that decodes to the C2 server (“217.69.3[.]218” or “199.247.10[.]166”) used for retrieving the next-stage payload.
The payload is an data stealer that captures credentials, authentication tokens, and cryptocurrency pockets knowledge, and reaches out to a Google Calendar occasion to parse one other Base64-encoded string and make contact with the identical server to acquire a payload codenamed Zombi. The info is exfiltrated to a distant endpoint (“140.82.52[.]31:80”) managed by the risk actor.
Written in JavaScript, the Zombi module primarily turns a GlassWorm an infection right into a full-fledged compromise by dropping a SOCKS proxy, WebRTC modules for peer-to-peer communication, BitTorrent’s Distributed Hash Desk (DHT) for decentralized command distribution, and HVNC for distant management.
The issue is compounded by the truth that VS Code extensions are configured to auto-update, permitting the risk actors to push the malicious code routinely with out requiring any person interplay.
“This is not a one-off provide chain assault,” Dardikman mentioned. “It is a worm designed to unfold by way of the developer ecosystem like wildfire.”
“Attackers have discovered the right way to make provide chain malware self-sustaining. They are not simply compromising particular person packages anymore – they’re constructing worms that may unfold autonomously by way of your entire software program growth ecosystem.”
The event comes as using blockchain for staging malicious payloads has witnessed a surge as a result of its pseudonymity and suppleness, with even risk actors from North Korea leveraging the method to orchestrate their espionage and financially motivated campaigns.
