Full Report
Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code (VS Code) ecosystem. The extensions in question, which are still available for download, are listed below - ai-driven-dev.ai-driven-dev (3,402 downloads) adhamu.history-in-sublime-merge (4,057
Analysis Summary
# Tool/Technique: GlassWorm via Malicious VS Code Extensions
## Overview
GlassWorm is a malware campaign that utilizes malicious Visual Studio Code (VS Code) extensions distributed via the Open VSX Registry (and previously the Microsoft Extension Marketplace) to compromise developer environments. Its primary goals include credential harvesting (Open VSX, GitHub, Git), cryptocurrency wallet draining, and establishing remote access backdoors. The campaign exhibits worm-like self-replication behavior.
## Technical Details
- Type: Malware Campaign / Supply Chain Attack
- Platform: Target environments running Visual Studio Code, focused initially on credential exposure related to developer tools and ecosystems.
- Capabilities: Credential theft, cryptocurrency theft, sideloading of secondary payloads, self-propagation via extension compromise.
- First Seen: Late last month (October 2025, based on context).
## MITRE ATT&CK Mapping
Since the malware is delivered via user-installed legitimate software platforms (VS Code extensions), the initial access and execution pathways are relevant:
- **TA0001 - Initial Access**
- T1190 - Exploit Public-Facing Application (If the marketplace itself is perceived as the entry vector)
- T1583.003 - Purchase Infrastructure: Domains (Implied, for C2 hosting/updates)
- **TA0002 - Execution**
- T1059.005 - Command and Scripting Interpreter: Visual Studio Extensions (Specific to execution within the extension environment)
- **TA0006 - Credential Access**
- T1003 - OS Credential Dumping (Implied, to acquire Git/Open VSX tokens)
- **TA0007 - Discovery**
- T1083 - File and Directory Discovery (To locate sensitive files for credential harvesting)
- **TA0011 - Command and Control**
- T1071.001 - Application Layer Protocol: Web Protocols (Used for C2 communication, including blockchain transactions for updates)
## Functionality
### Core Capabilities
- **Code Editor Targeting:** Leverages VS Code extensions as a delivery vector after installation by unsuspecting users.
- **Credential Harvesting:** Steals Open VSX, GitHub, and Git credentials.
- **Financial Theft:** Drains funds from compromised cryptocurrency wallet extensions (notably 49 different ones).
- **Obfuscation:** Uses invisible Unicode characters within the extension code to hide malicious logic from static analysis and visual inspection.
### Advanced Features
- **Self-Replication (Worm-like Behavior):** Compromises additional extensions using stolen credentials, allowing it to spread across the ecosystem with minimal external intervention.
- **Blockchain-Based C2 Resiliency:** Updates Command-and-Control (C2) endpoints by posting new transaction data to the Solana blockchain. This makes C2 infrastructure highly resilient, as takedowns only require posting a new transaction pointing to a fresh payload server.
- **Dropping Additional Payloads:** Capable of downloading and executing secondary tools, including implied remote access tools.
## Indicators of Compromise
*Note: Specific artifacts were not provided in the context, but the known distribution vectors are key indicators.*
- File Hashes: [Not provided in context]
- File Names: Malicious extensions: `ai-driven-dev.ai-driven-dev`, `adhamu.history-in-sublime-merge`, `yasuyuky.transient-emacs`.
- Registry Keys: [Not provided in context]
- Network Indicators: C2 endpoints updated via transactions on the **Solana blockchain**. (Specific new C2 domains/IPs are transient and updated via blockchain.)
- Behavioral Indicators: Execution logic obfuscated via **invisible Unicode characters** within the extension code source. Installation of extensions from non-official sources or with suspicious metadata/descriptions.
## Associated Threat Actors
- **Observed Provenance:** Assessed to be **Russian-speaking**.
- **Observed Infrastructure:** Known to utilize the open-source browser extension C2 framework named **RedExt**.
## Detection Methods
- Signature-based detection: Difficult due to Unicode obfuscation, requires sophisticated file content scanning focusing on the use of specific invisible characters.
- Behavioral detection: Monitoring VS Code extension initialization scripts for suspicious file access patterns, credential file reads, or network connections made immediately upon activation after installation.
- YARA rules: Could be developed to target the specific pattern of invisible Unicode characters used for code hiding within extension source files.
## Mitigation Strategies
- **Prevention Measures:** Users and organizations should exercise extreme caution when installing extensions from third-party marketplaces like Open VSX, preferring the official, vetted Microsoft VS Code Marketplace where possible.
- **Hardening Recommendations:** Organizations should audit installed VS Code extensions regularly. Platform owners (Open VSX) must rigorously vet submissions and rapidly cycle infrastructure. Developers must be cautious about the permissions granted to newly installed extensions.
## Related Tools/Techniques
- **RedExt:** An open-source C2 framework used by the threat actor for C2 infrastructure management.
- General **Supply Chain Compromise via Developer Tools:** Similar to attacks targeting environments like npm, PyPI, or other developer repositories.