Full Report
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of their legitimate counterparts. Of these, six have been confirmed to be malicious, with the remaining acting as seemingly
Analysis Summary
# Incident Report: GlassWorm v2 Information-Stealing Campaign
## Executive Summary
A cybersecurity research firm (Socket) has identified 73 fraudulent Microsoft Visual Studio Code extensions on the Open VSX repository linked to the "GlassWorm" campaign. The extensions use "sleeper" tactics and typosquatting to impersonate legitimate tools, then deploy malware that steals sensitive data and establishes remote access. The campaign has broadened to target several VS Code-based IDEs, obfuscates its JavaScript, and geofences the payload so that it does not run on systems located in Russia.
## Incident Details
- **Discovery Date:** April 2026
- **Incident Date:** Ongoing since December 21, 2025
- **Affected Organization:** Users of Open VSX repository and developers using VS Code-based IDEs
- **Sector:** Software Development / Technology
- **Geography:** Global (specifically avoids systems located in Russia)
## Timeline of Events
### Initial Access
- **Date/Time:** Commencing December 2025; latest cluster published early April 2026.
- **Vector:** Supply Chain Attack / Social Engineering.
- **Details:** Attackers uploaded 73 cloned/typosquatted extensions to Open VSX. They utilized legitimate icons and descriptions to build "visual trust."
### Lateral Movement
- **Details:** Once a malicious extension is activated, it invokes the IDE's command-line launcher with `--install-extension` to install the secondary payload into every VS Code-based IDE found on the same host (VS Code, Cursor, Windsurf, VSCodium). This is propagation between IDEs on one machine, not network lateral movement.
### Data Exfiltration/Impact
- **Details:** The malware targets Chromium-based browser data (credentials, bookmarks), general sensitive system data, and establishes a Remote Access Trojan (RAT) for persistent control.
### Detection & Response
- **Detection:** Identified by Socket researchers via automated supply chain monitoring.
- **Response:** Public disclosure of 73 flagged extensions; 6 specifically confirmed as active malware at the time of the report.
## Attack Methodology
- **Initial Access:** Typosquatting and cloning of popular Open VSX extensions.
- **Persistence:** Installation of a secondary VSIX extension hosted on GitHub and potential RAT deployment.
- **Privilege Escalation:** None required. Extensions run inside the IDE's extension host with the full privileges of the logged-in user, which is already enough to spawn processes, read browser profile directories, and install further extensions.
- **Defense Evasion:** Use of "sleeper" packages (innocuous at first, poisoned via update), obfuscated JavaScript, and geofencing to avoid Russian systems.
- **Credential Access:** Rogue Chromium extensions used to siphon browser-stored credentials.
- **Discovery:** Automated scanning for multiple installed IDEs (Cursor, VSCodium, etc.).
- **Lateral Movement:** Cross-IDE infection on the same host via the IDE command line (`--install-extension`).
- **Collection:** Gathering of bookmarks, credentials, and sensitive developer data.
- **Exfiltration:** Data sent to attacker-controlled infrastructure.
- **Impact:** Information theft and long-term remote access via RAT.
## Impact Assessment
- **Financial:** Potential loss of intellectual property; costs associated with breach remediation.
- **Data Breach:** High; theft of developer credentials, session tokens, and browser data.
- **Operational:** Potential for downstream supply chain attacks if developer credentials are used to poison other projects.
- **Reputational:** Erosion of trust in third-party extension marketplaces like Open VSX.
## Indicators of Compromise
### File Indicators (Malicious Extensions)
- `outsidestormcommand.monochromator-theme`
- `keyacrosslaud.auto-loop-for-antigravity`
- `krundoven.ironplc-fast-hub`
- `boulderzitunnel.vscode-buddies`
- `cubedivervolt.html-code-validate`
- `winnerdomain17.version-lens-tool`
### Behavioral Indicators
- An IDE extension-host process (a child of the VS Code, Cursor, Windsurf or VSCodium main process started with `--type=extensionHost`) spawning `code`, `cursor`, `windsurf` or `codium` with `--install-extension`, with no corresponding user action in a terminal.
- IDE extension-host processes downloading `.vsix` files from GitHub that the user did not request, followed by installation from a local path.
- Unauthorized installation of Chromium-based browser extensions, or IDE processes reading Chromium browser profile directories (stored credentials, bookmarks).
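The first two behavioral indicators above can be turned into a process-creation detection. The script below is an added example, not part of the report and not Socket's detection content. It assumes a normalized process-creation record (one JSON object per line with `parent_image`, `parent_cmdline`, `image` and `cmdline`); Sysmon Event ID 1, auditd execve records or EDR telemetry must be mapped onto that shape first. The parent heuristics encode how VS Code-family IDEs run extension code: a child of the main binary started with `--type=extensionHost` (Linux/Windows) or a "... Helper (Plugin)" helper app (macOS). The sample events are constructed; the paths, the `.vsix` name and the "Windsurf Helper (Plugin)" location are assumptions.

```python
"""Flag --install-extension launches initiated by an IDE extension host rather than a user.

Added example; the record format and parent-process heuristics are assumptions.
"""
import json
import re
import shlex

# CLI launchers of VS Code and the forks named in the report (.exe/.cmd suffixes stripped).
IDE_CLIS = {"code", "code-insiders", "code-oss", "codium", "cursor", "windsurf"}


def launcher_name(argv0: str) -> str:
    """Basename of argv[0] without a Windows launcher suffix: 'C:\\...\\Code.exe' -> 'code'."""
    base = re.split(r"[\\/]", argv0)[-1].lower()
    for suffix in (".exe", ".cmd"):
        if base.endswith(suffix):
            base = base[: -len(suffix)]
    return base


def parse_install(cmdline: str):
    """Return (argv, target) when cmdline is an IDE CLI installing an extension, else None."""
    try:
        argv = shlex.split(cmdline)  # POSIX quoting; the constructed samples use forward slashes
    except ValueError:
        return None
    if not argv or launcher_name(argv[0]) not in IDE_CLIS:
        return None
    for i, tok in enumerate(argv):
        if tok == "--install-extension" and i + 1 < len(argv):
            return argv, argv[i + 1]
        if tok.startswith("--install-extension="):
            return argv, tok.split("=", 1)[1]
    return None


def is_extension_host(parent_image: str, parent_cmdline: str) -> bool:
    """True when the parent is the IDE's extension-host process rather than a user shell."""
    return ("--type=extensionhost" in parent_cmdline.lower()
            or "helper (plugin)" in parent_image.lower())


def evaluate(record: dict):
    """Score one process-creation record; returns a finding dict or None."""
    parsed = parse_install(record.get("cmdline", ""))
    if parsed is None:
        return None
    argv, target = parsed
    reasons = []
    if is_extension_host(record.get("parent_image", ""), record.get("parent_cmdline", "")):
        reasons.append("launched by an extension host, not an interactive shell")
    if target.lower().endswith(".vsix"):
        reasons.append("installs a local .vsix rather than a marketplace id")
    if "--force" in argv:
        reasons.append("--force suppresses the confirmation prompt")
    if not reasons:
        return None  # e.g. a developer typing `code --install-extension publisher.name`
    severity = "high" if reasons[0].startswith("launched by") else "medium"
    return {"image": record.get("image"), "target": target,
            "severity": severity, "reasons": reasons}


def scan(lines):
    """Run evaluate() over JSON-lines records and return findings in input order."""
    findings = []
    for line in lines:
        if line.strip():
            finding = evaluate(json.loads(line))
            if finding:
                findings.append(finding)
    return findings


# Constructed sample telemetry (not real captures). Records 2 and 3 model the cross-IDE
# propagation the report describes; record 5 is a user installing a downloaded .vsix.
SAMPLE_EVENTS = """\
{"parent_image": "/bin/zsh", "parent_cmdline": "-zsh", "image": "/usr/local/bin/code", "cmdline": "code --install-extension ms-python.python"}
{"parent_image": "/usr/share/cursor/cursor", "parent_cmdline": "/usr/share/cursor/cursor --type=extensionHost --skipWorkspaceStorageLock", "image": "/usr/bin/cursor", "cmdline": "cursor --install-extension /tmp/ext-update.vsix --force"}
{"parent_image": "/Applications/Windsurf.app/Contents/Frameworks/Windsurf Helper (Plugin).app/Contents/MacOS/Windsurf Helper (Plugin)", "parent_cmdline": "", "image": "/usr/local/bin/codium", "cmdline": "codium --install-extension /tmp/ext-update.vsix"}
{"parent_image": "/bin/bash", "parent_cmdline": "bash", "image": "/usr/bin/node", "cmdline": "node build.js --install-extension"}
{"parent_image": "/bin/bash", "parent_cmdline": "bash", "image": "/usr/local/bin/code", "cmdline": "code --install-extension /home/dev/Downloads/tool.vsix"}
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS.splitlines()):
        print(finding["severity"].upper(), finding["image"], finding["target"], "; ".join(finding["reasons"]))
```

The severity split matters in practice: a developer installing a marketplace id from a shell is normal and produces nothing, a user-installed local `.vsix` is worth a look, and an extension host silently running `--install-extension` against a `.vsix` in a temp directory is the propagation step itself and should page someone.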
## Response Actions
- **Containment:** Removal of flagged extensions from the Open VSX marketplace by repository maintainers.
- **Eradication:** Developers should audit every VS Code-based IDE on the host (not only the one the extension was first installed in), since the loader propagates across them, and remove any extension published by the identified malicious authors.
- **Recovery:** Rotate every credential reachable from the affected host (browser-stored passwords, session cookies and any developer tokens kept on the machine) and sign out of active browser sessions so that stolen cookies stop working; clearing caches alone does not invalidate stolen secrets. Because the payload can establish a RAT, treat the host as fully compromised and rebuild it rather than only deleting the extensions.
## Lessons Learned
- **Trust Maturity:** High install counts or legitimate-looking icons are no longer sufficient indicators of safety.
- **Sleeper Tactics:** Modern supply chain attacks often include a "waiting period" in which the package functions normally before a later version of the same extension delivers the malicious payload, so a clean review at install time says nothing about the next update.
- **IDE Breadth:** Attackers are now targeting "clones" and forks of VS Code (Cursor, Windsurf) rather than just the primary Microsoft distribution.
## Recommendations
- **Strict Vetting:** Implement a policy to only install extensions from verified publishers with a proven history, and treat updates as new installs: disable automatic extension updates where policy allows (VS Code's `extensions.autoUpdate` setting) and review what a new version changes before accepting it, since sleeper packages turn malicious via updates.
- **Sandboxing:** Run development environments in isolated containers (e.g. Devcontainers) that do not mount the host's browser profiles or credential stores, so a compromised extension cannot reach host browser data.
- **Monitoring:** Monitor for unusual outbound network traffic and unexpected child-process creation (in particular `--install-extension` launches) from IDE and extension-host processes.
- **Audit:** Regularly review installed extensions and their authors against known threat actor lists.
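The audit recommendation above, together with the File Indicators list in the Indicators of Compromise section, can be run as a script. This is an added example, not Socket's tooling and not part of the report. It walks the default per-user extension directories of VS Code and the forks the report names and flags any install whose `publisher.name` matches a listed identifier, or whose publisher is one of the listed authors (the eradication guidance is to remove everything from those publishers). The directory locations are assumptions based on each product's default user-data layout; portable installs or custom `--extensions-dir` settings need the roots adjusted. The folder names passed to `audit_names()` in the test are constructed.

```python
"""Audit installed VS Code / fork extensions against the GlassWorm identifiers.

Added example; extension roots are assumed defaults, adjust for custom installs.
"""
import json
import re
from pathlib import Path
from typing import Optional

# Extension ids from the File Indicators list (publisher.name, lowercased).
FLAGGED_IDS = frozenset({
    "outsidestormcommand.monochromator-theme",
    "keyacrosslaud.auto-loop-for-antigravity",
    "krundoven.ironplc-fast-hub",
    "boulderzitunnel.vscode-buddies",
    "cubedivervolt.html-code-validate",
    "winnerdomain17.version-lens-tool",
})
# The report advises removing anything from the same publishers, so match on those too.
FLAGGED_PUBLISHERS = frozenset(i.split(".", 1)[0] for i in FLAGGED_IDS)

# Assumed default per-user extension roots; VS Code-style forks keep the same layout.
EXTENSION_ROOTS = {
    "VS Code": "~/.vscode/extensions",
    "VSCodium": "~/.vscode-oss/extensions",
    "Cursor": "~/.cursor/extensions",
    "Windsurf": "~/.windsurf/extensions",
}

# Installed folders are named "<publisher>.<name>-<semver>", lowercased by the IDE.
FOLDER_RE = re.compile(r"^(?P<publisher>[^.]+)\.(?P<name>.+?)-(?P<version>\d+\.\d+\.\d+\S*)$")


def classify(ext_id: str) -> Optional[str]:
    """Return 'flagged-id', 'flagged-publisher', or None for a publisher.name id."""
    ext_id = ext_id.lower()
    if ext_id in FLAGGED_IDS:
        return "flagged-id"
    if ext_id.split(".", 1)[0] in FLAGGED_PUBLISHERS:
        return "flagged-publisher"
    return None


def id_from_folder(folder_name: str) -> Optional[str]:
    """Recover publisher.name from an extension folder name; None for .obsolete, extensions.json, etc."""
    m = FOLDER_RE.match(folder_name.lower())
    if not m:
        return None
    return f"{m['publisher']}.{m['name']}"


def id_from_manifest(folder: Path) -> Optional[str]:
    """Prefer the manifest: package.json is what the IDE actually loads. Fall back to the folder name."""
    try:
        data = json.loads((folder / "package.json").read_text(encoding="utf-8"))
        return f"{data['publisher']}.{data['name']}".lower()
    except (OSError, ValueError, KeyError, TypeError):
        return id_from_folder(folder.name)


def audit_names(folder_names):
    """Audit a list of folder names; lets the logic run without a real install."""
    hits = []
    for name in folder_names:
        ext_id = id_from_folder(name)
        verdict = classify(ext_id) if ext_id else None
        if verdict:
            hits.append((name, ext_id, verdict))
    return hits


def audit_host(roots=EXTENSION_ROOTS):
    """Walk every known IDE extension root on this machine and return (ide, path, id, verdict)."""
    hits = []
    for ide, root in roots.items():
        root_path = Path(root).expanduser()
        if not root_path.is_dir():
            continue
        for folder in root_path.iterdir():
            if not folder.is_dir():
                continue
            ext_id = id_from_manifest(folder)
            verdict = classify(ext_id) if ext_id else None
            if verdict:
                hits.append((ide, str(folder), ext_id, verdict))
    return hits


if __name__ == "__main__":
    for hit in audit_host():
        print("HIT", *hit)
```

Run it on every developer workstation, not just the one where the suspicious extension was noticed: the report's propagation step means a flagged id in `~/.cursor/extensions` is evidence that the VS Code and VSCodium roots on the same host need checking too, which is why the script walks all of them in one pass.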