Full Report
A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm that has been installed an estimated 35,800 times. [...]
Analysis Summary
# Incident Report: Self-Spreading GlassWorm Malware in VS Code/OpenVSX Registries
## Executive Summary
A sophisticated, self-spreading supply-chain attack, dubbed GlassWorm, targeted developers who install extensions from the OpenVSX and Microsoft Visual Studio Code (VS Code) marketplaces. The attackers hid malicious code inside extensions using invisible Unicode characters, and the trojanized extensions reached an estimated 35,800 installations. The malware steals developer credentials (GitHub, npm, OpenVSX) and cryptocurrency data and deploys a SOCKS proxy and HVNC remote access. Its command-and-control (C2) infrastructure is highly resilient because it relies on the Solana blockchain for payload fetching.
## Incident Details
- **Discovery Date:** On or around October 20, 2025 (Discovery by Koi Security)
- **Incident Date:** Compromises began around October 17, 2025, and malicious versions continued to be deployed afterwards.
- **Affected Organization:** OpenVSX and Microsoft Visual Studio Code Marketplaces (developers using infected extensions)
- **Sector:** Software Development/Technology
- **Geography:** Global (due to nature of software registries)
## Timeline of Events
### Initial Access
- **Date/Time:** Starting October 17, 2025, and continuing.
- **Vector:** Malicious extensions uploaded to OpenVSX and VS Code registries.
- **Details:** Malicious code was hidden in the extension source using "invisible Unicode characters", so it passed visual review and infected users silently when their extensions auto-updated.
### Lateral Movement
- **Details:** The malware is inherently worm-like. Once installed, it attempts to steal credentials for GitHub, npm, and OpenVSX accounts. This stolen information is then used to infect *more* extensions the compromised user has access to, facilitating self-propagation.
### Data Exfiltration/Impact
- **Details:** The primary goal was credential and cryptocurrency theft. The malware steals data from 49 targeted extensions. It deploys a SOCKS proxy to route malicious traffic through the victim's machine and installs HVNC (Hidden VNC) clients for remote access. The final payload, ZOMBI, turns infected systems into nodes for criminal infrastructure.
### Detection & Response
- **Detection:** Discovered by researchers at Koi Security, who identified the use of invisible characters and the Solana C2 method.
- **Response Actions:** Microsoft removed the malicious extension from its marketplace. Publishers of two identified extensions (_vscode-theme-seti-folder_ and _git-worktree-menu_) updated their code to remove the malicious content.
## Attack Methodology
- **Initial Access:** Supply-chain compromise via VS Code and OpenVSX extensions whose malicious code was hidden with invisible Unicode characters.
- **Persistence:** Installation of HVNC clients for persistent, invisible remote access.
- **Privilege Escalation:** Not explicitly detailed, but likely leveraged developer context to access secrets.
- **Defense Evasion:** Extremely effective evasion using invisible characters; C2 resilience achieved through decentralized methods.
- **Credential Access:** Targeting of GitHub, npm, and OpenVSX account credentials, as well as cryptocurrency wallet data.
- **Discovery:** N/A (Malware payload ran post-installation).
- **Lateral Movement:** Self-propagating worm behavior using stolen access tokens to infect other available extensions.
- **Collection:** Gathering sensitive repository credentials and crypto wallet data.
- **Exfiltration:** Exfiltration methods not fully detailed, but implied after credential harvesting.
- **Impact:** Turning compromised workstations into peer-to-peer nodes for underlying criminal infrastructure (ZOMBI payload).
## Impact Assessment
- **Financial:** Potential cryptocurrency theft (goal of the attack). Estimated 35,800 active installations suggest widespread exposure.
- **Data Breach:** Theft of GitHub, npm, and OpenVSX credentials; targeted cryptocurrency wallet data.
- **Operational:** Disruption to developer workflows; potential use of infected systems as botnet nodes (ZOMBI infrastructure).
- **Reputational:** Significant damage to trust in the OpenVSX and VS Code extension marketplaces.
## Indicators of Compromise
- **Network indicators (defanged):** C2 communication using the Solana blockchain for payload fetching; backup C2 via Google Calendar events; direct connection attempts to `217.69.3[.]218` (IP used for the third delivery mechanism).
- **File indicators:** Final payload named "ZOMBI" (heavily obfuscated JavaScript).
- **Behavioral indicators:** Installation of SOCKS proxies; installation of HVNC clients; use of BitTorrent DHT for decentralized command distribution.
## Response Actions
- **Containment measures:** Identifying and neutralizing the initial entry points (malicious extensions) on the marketplaces.
- **Eradication steps:** Publishers pushed cleaned versions of the compromised extensions; Microsoft removed the malicious entries from its marketplace.
- **Recovery actions:** Users needed to scan their systems, revoke potentially compromised credentials, and update all VS Code environments.
## Lessons Learned
- **Key takeaways:** Hiding code with "invisible" Unicode characters is exceptionally dangerous in developer-tooling supply chains because it bypasses ordinary visual code review. Decentralized C2 (blockchain) gives attackers extreme resilience against traditional takedown efforts.
- **What could have been done better:** Marketplace vetting processes need enhanced automated scanning capable of detecting obscure Unicode tricks and behavioral anomalies related to credential harvesting immediately upon submission.
## Recommendations
- Implement strict static analysis tools capable of detecting hidden Unicode characters in submitted code packages.
- Mandate Multi-Factor Authentication (MFA) for all publisher accounts to mitigate credential theft impact.
- Review and minimize the permissions granted to extensions at installation time, limiting an extension's ability to install a SOCKS proxy or persistent remote-access tooling.
- Investigate and block connections to known blockchain addresses or URLs used for payload delivery, if practical.
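The initial-access detail and the first recommendation both turn on one check: does a submitted or installed extension contain code points that render as nothing? The scanner below is an added example written for this report, not code from Koi Security, Microsoft or the OpenVSX project. The report only says "invisible Unicode characters"; the ranges listed in `INVISIBLE_RANGES` are my own general list of invisible and format-control code points (zero-width characters, bidi controls, variation selectors, tag characters), not the specific characters GlassWorm used. The sample source in `SAMPLE` is constructed. A lone zero-width character in a string literal can be legitimate, so `summarize()` also reports the longest run of consecutive invisible code points, which is the stronger signal that a payload is being encoded rather than a stray character typed by accident.

```javascript
// Added example: flag invisible / format-control Unicode code points in source text.
// The ranges are an assumption (a general list of commonly abused invisible code
// points); the report itself does not enumerate the characters used.
const INVISIBLE_RANGES = [
  [0x00ad, 0x00ad, 'SOFT HYPHEN'],
  [0x180e, 0x180e, 'MONGOLIAN VOWEL SEPARATOR'],
  [0x200b, 0x200f, 'ZERO WIDTH SPACE/JOINER OR DIRECTIONAL MARK'],
  [0x202a, 0x202e, 'BIDI EMBEDDING/OVERRIDE'],
  [0x2060, 0x2064, 'WORD JOINER OR INVISIBLE OPERATOR'],
  [0x2066, 0x2069, 'BIDI ISOLATE'],
  [0xfe00, 0xfe0f, 'VARIATION SELECTOR'],
  [0xfeff, 0xfeff, 'ZERO WIDTH NO-BREAK SPACE (BOM)'],
  [0xe0000, 0xe007f, 'TAG CHARACTER'],
  [0xe0100, 0xe01ef, 'VARIATION SELECTOR SUPPLEMENT'],
];

// Returns the range name for an invisible code point, or null if it is visible.
function classify(cp) {
  for (const [lo, hi, name] of INVISIBLE_RANGES) {
    if (cp >= lo && cp <= hi) return name;
  }
  return null;
}

// Walks the text by code point (not UTF-16 unit, so supplementary-plane
// characters are seen whole) and returns one finding per invisible code point
// with its 1-based line and column. A BOM at the very start of the file is
// legitimate and is not reported.
function scanSource(text) {
  const findings = [];
  let line = 1;
  let col = 1;
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    if (cp === 0x0a) { line += 1; col = 1; continue; }
    if (cp === 0xfeff && line === 1 && col === 1) { col += 1; continue; }
    const name = classify(cp);
    if (name !== null) {
      const hex = cp.toString(16).toUpperCase().padStart(4, '0');
      findings.push({ line, col, codePoint: 'U+' + hex, name });
    }
    col += 1;
  }
  return findings;
}

// Aggregates findings: total count, affected lines, and the longest run of
// consecutive invisible code points (adjacent columns on one line). Long runs
// indicate encoded data rather than a stray character.
function summarize(findings) {
  let longestRun = 0;
  let run = 0;
  let prev = null;
  for (const f of findings) {
    run = (prev !== null && f.line === prev.line && f.col === prev.col + 1) ? run + 1 : 1;
    if (run > longestRun) longestRun = run;
    prev = f;
  }
  const lines = [...new Set(findings.map((f) => f.line))];
  return { count: findings.length, longestRun, lines };
}

// Constructed sample: a clean line, a zero-width space inside a string literal,
// and a short run of supplementary variation selectors (invisible in an editor).
const SAMPLE =
  'const x = 1;\n' +
  'const y = "ab\u200Bcd";\n' +
  'const z = "\u{E0100}\u{E0101}\u{E0102}";\n';

// Command-line use: node scan.js file1.js file2.ts ...  (reads each file and
// prints findings). With no arguments it scans the constructed sample instead.
if (typeof require !== 'undefined' && require.main === module) {
  const files = process.argv.slice(2);
  const inputs = files.length > 0
    ? files.map((f) => [f, require('fs').readFileSync(f, 'utf8')])
    : [['<sample>', SAMPLE]];
  for (const [name, text] of inputs) {
    const findings = scanSource(text);
    const s = summarize(findings);
    console.log(`${name}: ${s.count} invisible code point(s), longest run ${s.longestRun}, lines ${s.lines.join(',')}`);
    for (const f of findings) console.log(`  ${f.line}:${f.col} ${f.codePoint} ${f.name}`);
  }
}
```

Running it on the sample reports one zero-width space at line 2 and a run of three variation selectors at line 3. In a marketplace submission pipeline the same `scanSource()` would run over every `.js`/`.ts` file in the package before publication; a run length above a small threshold is a reasonable hard-fail condition, while single characters can be routed to human review.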